]>
Commit | Line | Data |
---|---|---|
1 | <?php\r | |
2 | \r | |
3 | /**\r | |
4 | * This variable parser uses PHP's internal code engine. Because it does\r | |
5 | * this, it can represent all inputs; however, it is dangerous and cannot\r | |
6 | * be used by users.\r | |
7 | */\r | |
8 | class HTMLPurifier_VarParser_Native extends HTMLPurifier_VarParser\r | |
9 | {\r | |
10 | \r | |
11 | /**\r | |
12 | * @param mixed $var\r | |
13 | * @param int $type\r | |
14 | * @param bool $allow_null\r | |
15 | * @return null|string\r | |
16 | */\r | |
17 | protected function parseImplementation($var, $type, $allow_null)\r | |
18 | {\r | |
19 | return $this->evalExpression($var);\r | |
20 | }\r | |
21 | \r | |
22 | /**\r | |
23 | * @param string $expr\r | |
24 | * @return mixed\r | |
25 | * @throws HTMLPurifier_VarParserException\r | |
26 | */\r | |
27 | protected function evalExpression($expr)\r | |
28 | {\r | |
29 | $var = null;\r | |
30 | $result = eval("\$var = $expr;");\r | |
31 | if ($result === false) {\r | |
32 | throw new HTMLPurifier_VarParserException("Fatal error in evaluated code");\r | |
33 | }\r | |
34 | return $var;\r | |
35 | }\r | |
36 | }\r | |
37 | \r | |
38 | // vim: et sw=4 sts=4\r |