07-31-2009, 07:45 AM
El Forum
07-31-2009, 07:45 AM
[eluser]Christoffer[/eluser]
**removed**
**removed**
El Forum
08-21-2009, 05:45 AM
[eluser]Unknown[/eluser]
Cheers, that code helped very much.
I did a little modification to your code to support code evaluation (uses eval()). So you can do things such as:
Basically everything that you put in an if statement should work (although I've not done extensive testing).
So to implement your view code using my code, you would do the following:
Hope this is of some use to someone.
Just replace the method (function _parse_function_statements($template, $data)) from the previous post with this one.
Cheers, that code helped very much.
I did a little modification to your code to support code evaluation (uses eval()). So you can do things such as:
Code:
{if $avar == true}
avar is true
{else}
avar is false
{endif}
Basically everything that you put in an if statement should work (although I've not done extensive testing).
So to implement your view code using my code, you would do the following:
Code:
{if empty($your_variable)}
<p>The variable is empty</p>
{else}
<p>{your_variable}</p>
{endif}
Hope this is of some use to someone.
Just replace the method (function _parse_function_statements($template, $data)) from the previous post with this one.
Code:
function _parse_function_statements($template, $data)
{
if ( ! preg_match_all("|".$this->l_delim . "if (.+?)" . $this->r_delim."(.+?)".$this->l_delim . "endif" . $this->r_delim."|s", $template, $match) )
{
return $template;
}
for ($offset = 0; $offset < sizeof($match[0]); $offset++)
{
$return = array();
$return['original'] = trim($match[0][$offset]);
$return['keyword'] = trim($match[1][$offset]);
$return['if_data'] = trim($match[2][$offset]);
if ( preg_match_all("|(.*?)".$this->l_delim . "else" . $this->r_delim . "(.*)|s", $match[2][$offset], $else_match) ) {
$return['else_left'] = trim($else_match[1][0]);
$return['else_right'] = trim($else_match[2][0]);
} else {
$return['else_left'] = $return['if_data'];
$return['else_right'] = '';
}
$statement = $return['keyword'];
foreach ( $data as $key => $var ) {
if (strpos($statement, '$'.$key) !== FALSE) {
$statement = str_replace('$'.$key, '$data[\''.$key.'\']', $statement);
}
}
$result = '';
$eval = "\$result = (" . $statement . ") ? 'true' : 'false';";
eval($eval);
if ( $result == 'true' ) {
if ( isset($else_match) && isset($return['else_left']) ) $template = str_replace($return['original'], $return['else_left'], $template);
} else {
if ( isset($else_match) && isset($return['else_right']) ) $template = str_replace($return['original'], $return['else_right'], $template);
else $template = str_replace($return['original'], $return['if_data'], $template);
}
}
return $template;
}
El Forum
08-21-2009, 06:32 AM
[eluser]Christoffer[/eluser]
Sweet. I actually intended do do just that when I had more time. But I can just use your code instead.
Cheers!
Sweet. I actually intended do do just that when I had more time. But I can just use your code instead.
Cheers!
El Forum
10-29-2009, 10:00 AM
[eluser]Phil Sturgeon[/eluser]
I was hoping this would be handy for me as I am creating a parser that supports helper function calls. However, this surely would allow template editors to put in ANY PHP they want.
Not a problem for you guys, but we have client/user generated content running through the parser. :-)
I was hoping this would be handy for me as I am creating a parser that supports helper function calls. However, this surely would allow template editors to put in ANY PHP they want.
Quote:{if file_put_contents('uploads/evilfile.php', '<?php include('../application/config/database.php'); mysql_connect('etc etc etc') == true}
Not a problem for you guys, but we have client/user generated content running through the parser. :-)
El Forum
10-29-2009, 11:03 AM
[eluser]Jamie Rumbelow[/eluser]
Phil's right. Even if you're not pushing user-generated content through it just eval()ing whatever's in the template really isn't a good idea. You should build a templating system where you can pipe variables through functions, rather than just evaluating the code. Either that, or use one of the many solutions available. Heck, there's even more of them.
Phil's right. Even if you're not pushing user-generated content through it just eval()ing whatever's in the template really isn't a good idea. You should build a templating system where you can pipe variables through functions, rather than just evaluating the code. Either that, or use one of the many solutions available. Heck, there's even more of them.
El Forum
05-08-2012, 05:40 PM
[eluser]smatakajr[/eluser]
Awesome code snippet! Thanks
Awesome code snippet! Thanks