<?php
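/**
 * This variable parser uses PHP's internal code engine. Because it does
 * this, it can represent all inputs; however, it is dangerous and cannot
 * be used by users.
 *
 * SECURITY: every value handed to this parser is executed as PHP source
 * through eval(), with the full privileges of the running PHP process and
 * with no filtering beforehand. It must only receive expressions written
 * by the application's own developers. Never route request parameters,
 * uploaded files, stored user settings or any other externally
 * controllable string through this class; use a non-evaluating parser for
 * such input instead.
 */
class HTMLPurifier_VarParser_Native extends HTMLPurifier_VarParser
{

    /**
     * Parses a value by evaluating it as a PHP expression.
     *
     * $type and $allow_null are part of the inherited signature but are not
     * consulted in this method; the raw result of the evaluation is returned.
     *
     * @param mixed $var PHP expression source; interpolated into eval(), so
     *                   it must come from a trusted, developer-controlled origin
     * @param int $type
     * @param bool $allow_null
     * @return mixed Whatever value the expression evaluates to
     * @throws HTMLPurifier_VarParserException
     */
    protected function parseImplementation($var, $type, $allow_null)
    {
        return $this->evalExpression($var);
    }

    /**
     * Evaluates a PHP expression and returns its value.
     *
     * @param string $expr PHP expression source (trusted input only)
     * @return mixed
     * @throws HTMLPurifier_VarParserException When the expression cannot be
     *         parsed, or when eval() reports failure by returning false
     */
    protected function evalExpression($expr)
    {
        $var = null;
        try {
            // NOTE(security): $expr is spliced into the evaluated source
            // verbatim. This is safe only for developer-authored expressions;
            // audit every caller to confirm no untrusted data can reach here.
            $result = eval("\$var = $expr;");
        } catch (ParseError $e) {
            // Since PHP 7 a syntax error in evaluated code is thrown as
            // ParseError rather than signalled by a false return value, so the
            // check below never fires for it. Convert it so callers still get
            // the exception type this method documents.
            throw new HTMLPurifier_VarParserException("Fatal error in evaluated code");
        }
        if ($result === false) {
            // Pre-PHP 7 signalling of a parse failure in the evaluated code.
            throw new HTMLPurifier_VarParserException("Fatal error in evaluated code");
        }
        return $var;
    }
}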
// vim: et sw=4 sts=4