Posted by Erwin Moller on 11/19/75 11:47
Justin Koivisto wrote:
> Erwin Moller wrote:
>> Ju Hui wrote:
>>
>>> thanks all your reply.
>>> But the answer isn't what I want.
>>>
>>> I know function eval(), it will execute the string pass to the function
>>> as php script.
>>>
>>> but my requirement is .
>>>
>>> $a is a string, it will retrieve from db.
>>> I want to insert some php script to the $a, like {php}{/php} in Smarty
>>> of PHP. The code with special tag will be processed as php script.
>>> like
>>> [code]
>>> $b=1;
>>> $a="result,<? if ($b==1) echo \"b=1\" ?>";
>>> print $a
>>> [/code]
>>> I want to get result,b=1.
>>>
>>> thanks.
>>
>> Hi,
>>
>> Just make sure you make the boundaries clear of the PHP code in the
>> string you store in the database.
>> eg:
>> $myStr = "result,**PHP**if ($b==1) echo \"b=1\"**PHP** testing.";
>> Now if you retrieve that string from DB, you can get the parts you want
>> to execute using explode("**PHP**",$myStr) and a little coding.
>>
>> Of course, be sure that the separator string (**PHP** in this example)
>> cannot be used elsewhere, or this will fail.
>>
>> I must warn you, like others did, that you should try to avoid such
>> design.
>>
>> If the content of the executable PHP-code is coming from users, don't
>> trust it. It can contain anything, and you do NOT want to eval that.
>> Beware.
>>
>> A sidenote:
>> I have been coding PHP for years nonstop, and I only needed eval once.
>> I got so paranoid that I needed 2 days of additional coding and testing
>> to be sure it was safe.
>> My point: You probably do not need eval().
>
> I just used eval for the first time yesterday....
>
> <?php
> foreach($scoring as $page=>$words){
>     // Build one isset() test per search term, e.g. isset($words['php'])
>     $evalstatement=array();
>     foreach($parts as $word){
>         $evalstatement[]='isset($words[\''.$word.'\'])';
>     }
>     // eval() only hands back a value when the evaluated code returns one,
>     // so the joined expression is wrapped in "return ...;"
>     if(!(eval('return '.join(' && ',$evalstatement).';'))){
>         unset($scoring[$page]);
>     }
> }
> ?>
>
> Part of a search function where $word would only ever be [a-z0-9_] -
> Even then, I wasn't sure if I really wanted to use it... A few hours
> later, it was replaced by something else (different algo). ;)
>
Hi Justin,
I do not see how that piece of code makes sure that no naughty commands are
executed.
It completely depends on what $scoring contains.
If you let me deliver that $scoring-array, I think I can delete the content
of your hard drive.
But maybe I am missing something completely. :-/
Regards,
Erwin
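As an added example (not code from anyone in this thread), the PHP below shows the two eval-free alternatives the discussion points at: Justin's "all search terms present on this page" filter written as a plain loop, and Erwin's **PHP** delimiter idea handled by splitting the string with explode() and resolving each delimited piece against a fixed set of named callbacks instead of running it through eval(). The function names, the $directives map and all sample data ($parts, $scoring, the template string) are assumptions constructed for this example.

```php
<?php
// Added example, not from the original thread. All data below is constructed.

// --- 1. Justin's filter without eval() --------------------------------------

// Constructed sample input: the search terms and a per-page word index.
$parts = ['php', 'eval', 'security'];
$scoring = [
    'page1.html' => ['php' => 3, 'eval' => 1, 'security' => 2],
    'page2.html' => ['php' => 1, 'security' => 4],
    'page3.html' => ['eval' => 2, 'php' => 1, 'security' => 1],
];

// The eval() version built the string "isset($words['php']) && isset(...)"
// and executed it. The same test needs no code generation at all, so a term
// containing quotes or other PHP syntax can never turn into code.
function pageHasAllWords(array $words, array $parts): bool
{
    foreach ($parts as $word) {
        if (!isset($words[$word])) {
            return false;
        }
    }
    return true;
}

// Justin relied on $word only ever being [a-z0-9_]. If that property matters,
// check it where the terms enter the program instead of assuming it.
function validSearchTerms(array $parts): bool
{
    foreach ($parts as $word) {
        if (!preg_match('/^[a-z0-9_]+$/', $word)) {
            return false;
        }
    }
    return true;
}

if (!validSearchTerms($parts)) {
    throw new InvalidArgumentException('search terms must match [a-z0-9_]+');
}

foreach ($scoring as $page => $words) {
    if (!pageHasAllWords($words, $parts)) {
        unset($scoring[$page]);
    }
}
print_r(array_keys($scoring));

// --- 2. Erwin's **PHP** delimiters without eval() ----------------------------

// Split the stored string on the separator; with balanced delimiters the
// even-index pieces are literal text and the odd-index pieces are the names
// that sat between two delimiters. Each name must exist in $directives, a
// fixed map of callbacks, so nothing from the database is ever executed.
function renderTemplate(string $template, array $directives): string
{
    $pieces = explode('**PHP**', $template);
    if (count($pieces) % 2 === 0) {
        throw new UnexpectedValueException('unbalanced **PHP** delimiters');
    }
    $out = '';
    foreach ($pieces as $i => $piece) {
        if ($i % 2 === 0) {
            $out .= $piece;
            continue;
        }
        $name = trim($piece);
        if (!isset($directives[$name])) {
            throw new UnexpectedValueException("unknown directive: $name");
        }
        $out .= $directives[$name]();
    }
    return $out;
}

// Constructed stand-in for the string Ju Hui wanted to pull from the database.
$b = 1;
$stored = 'result,**PHP**b_is_one**PHP** testing.';
$directives = [
    'b_is_one' => function () use ($b) {
        return $b == 1 ? 'b=1' : '';
    },
];
echo renderTemplate($stored, $directives), "\n";
```

With the sample data, the filter keeps page1.html and page3.html (page2.html lacks "eval"), and the template renders as "result,b=1 testing.". The directive map is the whole point: the database string can only name behaviour that already exists in the code, which is the property Erwin's explode()-then-eval sketch could not give.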