From fe245e5f5dbea1c18517471103185e04a52c89b3 Mon Sep 17 00:00:00 2001
From: Andy Wermke <andy@dev.next-step-software.com>
Date: Fri, 5 Apr 2013 13:49:32 +0200
Subject: Replaced last eval(). Allowing function calls in expressions.

---
 program/include/rcmail_output_html.php | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php
index 3e0a4e674..772bdccf7 100644
--- a/program/include/rcmail_output_html.php
+++ b/program/include/rcmail_output_html.php
@@ -793,12 +793,6 @@ class rcmail_output_html extends rcmail_output
      * @param  string Expression statement
      */
     protected function eval_expression ($expression) {
-        // Prevent function calls in `expression`:
-        $expression = str_replace("\n", "", $expression);
-        if(preg_match('#\w+ \s* (/\* .* \*/)* \s* \(#ix', $expression))
-            return false;
-
-        // Evaluate expression:
         $expression = $this->parse_expression($expression);
         $fn = create_function('$app,$browser,$env', "return ($expression);");
         return $fn($this->app, $this->browser, $this->env);
@@ -854,7 +848,7 @@ class rcmail_output_html extends rcmail_output
             // show a label
             case 'label':
                 if ($attrib['expression'])
-                    $attrib['name'] = eval("return " . $this->parse_expression($attrib['expression']) .";");
+                    $attrib['name'] = $this->eval_expression($attrib['expression']);
 
                 if ($attrib['name'] || $attrib['command']) {
                     // @FIXME: 'noshow' is useless, remove?
-- 
cgit v1.2.3