diff options
author | Aleksander Machniak <alec@alec.pl> | 2013-05-08 14:28:36 +0200 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2013-05-08 14:28:36 +0200 |
commit | a522971cf853b2f0ccd1b569491a06218ebbaee9 (patch) | |
tree | cf0e8c6bbe0978cf302b112080370b9a01cf5900 /program/include/rcmail_output_html.php | |
parent | ea6d6958e0a32c88bf8c00cbd118cfcd48fae096 (diff) | |
parent | c4723999e21da0b266b0467de6e58cbd26c4b5bf (diff) |
Merge branch 'master' of github.com:roundcube/roundcubemail
Conflicts:
program/js/list.js
Diffstat (limited to 'program/include/rcmail_output_html.php')
-rw-r--r-- | program/include/rcmail_output_html.php | 42 |
1 files changed, 28 insertions, 14 deletions
diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php index d8996edbf..02eef2fd1 100644 --- a/program/include/rcmail_output_html.php +++ b/program/include/rcmail_output_html.php @@ -731,14 +731,13 @@ class rcmail_output_html extends rcmail_output /** * Determines if a given condition is met * - * @todo Get rid off eval() once I understand what this does. * @todo Extend this to allow real conditions, not just "set" * @param string Condition statement * @return boolean True if condition is met, False if not */ protected function check_condition($condition) { - return eval("return (".$this->parse_expression($condition).");"); + return $this->eval_expression($condition); } @@ -760,14 +759,15 @@ class rcmail_output_html extends rcmail_output /** - * Parses expression and replaces variables + * Parse & evaluate a given expression and return its result. * - * @param string Expression statement - * @return string Expression value + * @param string Expression statement + * + * @return mixed Expression result */ - protected function parse_expression($expression) + protected function eval_expression ($expression) { - return preg_replace( + $expression = preg_replace( array( '/session:([a-z0-9_]+)/i', '/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i', @@ -779,14 +779,29 @@ class rcmail_output_html extends rcmail_output ), array( "\$_SESSION['\\1']", - "\$this->app->config->get('\\1',rcube_utils::get_boolean('\\3'))", - "\$this->env['\\1']", + "\$app->config->get('\\1',rcube_utils::get_boolean('\\3'))", + "\$env['\\1']", "rcube_utils::get_input_value('\\1', rcube_utils::INPUT_GPC)", "\$_COOKIE['\\1']", - "\$this->browser->{'\\1'}", + "\$browser->{'\\1'}", $this->template_name, ), - $expression); + $expression + ); + + $fn = create_function('$app,$browser,$env', "return ($expression);"); + if (!$fn) { + rcube::raise_error(array( + 'code' => 505, + 'type' => 'php', + 'file' => __FILE__, + 'line' => __LINE__, + 'message' => "Expression parse error on: ($expression)"), true, false); + + return null; + } + + return $fn($this->app, $this->browser, $this->env); } @@ -839,7 +854,7 @@ class rcmail_output_html extends rcmail_output // show a label case 'label': if ($attrib['expression']) - $attrib['name'] = eval("return " . $this->parse_expression($attrib['expression']) .";"); + $attrib['name'] = $this->eval_expression($attrib['expression']); if ($attrib['name'] || $attrib['command']) { // @FIXME: 'noshow' is useless, remove? @@ -971,8 +986,7 @@ class rcmail_output_html extends rcmail_output // return code for a specified eval expression case 'exp': - $value = $this->parse_expression($attrib['expression']); - return eval("return html::quote($value);"); + return html::quote($this->eval_expression($attrib['expression'])); // return variable case 'var': |