summaryrefslogtreecommitdiff
path: root/program/include/rcmail_output_html.php
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2013-05-08 14:28:36 +0200
committerAleksander Machniak <alec@alec.pl>2013-05-08 14:28:36 +0200
commita522971cf853b2f0ccd1b569491a06218ebbaee9 (patch)
treecf0e8c6bbe0978cf302b112080370b9a01cf5900 /program/include/rcmail_output_html.php
parentea6d6958e0a32c88bf8c00cbd118cfcd48fae096 (diff)
parentc4723999e21da0b266b0467de6e58cbd26c4b5bf (diff)
Merge branch 'master' of github.com:roundcube/roundcubemail
Conflicts: program/js/list.js
Diffstat (limited to 'program/include/rcmail_output_html.php')
-rw-r--r--program/include/rcmail_output_html.php42
1 files changed, 28 insertions, 14 deletions
diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php
index d8996edbf..02eef2fd1 100644
--- a/program/include/rcmail_output_html.php
+++ b/program/include/rcmail_output_html.php
@@ -731,14 +731,13 @@ class rcmail_output_html extends rcmail_output
/**
* Determines if a given condition is met
*
- * @todo Get rid off eval() once I understand what this does.
* @todo Extend this to allow real conditions, not just "set"
* @param string Condition statement
* @return boolean True if condition is met, False if not
*/
protected function check_condition($condition)
{
- return eval("return (".$this->parse_expression($condition).");");
+ return $this->eval_expression($condition);
}
@@ -760,14 +759,15 @@ class rcmail_output_html extends rcmail_output
/**
- * Parses expression and replaces variables
+ * Parse & evaluate a given expression and return its result.
*
- * @param string Expression statement
- * @return string Expression value
+ * @param string Expression statement
+ *
+ * @return mixed Expression result
*/
- protected function parse_expression($expression)
+ protected function eval_expression ($expression)
{
- return preg_replace(
+ $expression = preg_replace(
array(
'/session:([a-z0-9_]+)/i',
'/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i',
@@ -779,14 +779,29 @@ class rcmail_output_html extends rcmail_output
),
array(
"\$_SESSION['\\1']",
- "\$this->app->config->get('\\1',rcube_utils::get_boolean('\\3'))",
- "\$this->env['\\1']",
+ "\$app->config->get('\\1',rcube_utils::get_boolean('\\3'))",
+ "\$env['\\1']",
"rcube_utils::get_input_value('\\1', rcube_utils::INPUT_GPC)",
"\$_COOKIE['\\1']",
- "\$this->browser->{'\\1'}",
+ "\$browser->{'\\1'}",
$this->template_name,
),
- $expression);
+ $expression
+ );
+
+ $fn = create_function('$app,$browser,$env', "return ($expression);");
+ if (!$fn) {
+ rcube::raise_error(array(
+ 'code' => 505,
+ 'type' => 'php',
+ 'file' => __FILE__,
+ 'line' => __LINE__,
+ 'message' => "Expression parse error on: ($expression)"), true, false);
+
+ return null;
+ }
+
+ return $fn($this->app, $this->browser, $this->env);
}
@@ -839,7 +854,7 @@ class rcmail_output_html extends rcmail_output
// show a label
case 'label':
if ($attrib['expression'])
- $attrib['name'] = eval("return " . $this->parse_expression($attrib['expression']) .";");
+ $attrib['name'] = $this->eval_expression($attrib['expression']);
if ($attrib['name'] || $attrib['command']) {
// @FIXME: 'noshow' is useless, remove?
@@ -971,8 +986,7 @@ class rcmail_output_html extends rcmail_output
// return code for a specified eval expression
case 'exp':
- $value = $this->parse_expression($attrib['expression']);
- return eval("return html::quote($value);");
+ return html::quote($this->eval_expression($attrib['expression']));
// return variable
case 'var':