CodeIgniter Forums

[eluser]Christoffer[/eluser]
**removed**

[eluser]Unknown[/eluser]
Cheers, that code helped very much.

I did a little modification to your code to support code evaluation (uses eval()). So you can do things such as:

Code:
{if $avar == true}

avar is true

{else}

avar is false

{endif}

Basically everything that you put in an if statement should work (although I've not done extensive testing).

So to implement your view code using my code, you would do the following:

Code:
{if empty($your_variable)}

  <p>The variable is empty</p>

{else}

  <p>{your_variable}</p>

{endif}

Hope this is of some use to someone.

Just replace the method (function _parse_function_statements($template, $data)) from the previous post with this one.

Code:
function _parse_function_statements($template, $data)

    {

        if ( ! preg_match_all("|".$this->l_delim . "if (.+?)" . $this->r_delim."(.+?)".$this->l_delim . "endif" . $this->r_delim."|s", $template, $match) )

        {

            return $template;

        }

        for ($offset = 0; $offset < sizeof($match[0]); $offset++)

        {

            $return = array();

            $return['original'] = trim($match[0][$offset]);

            $return['keyword'] = trim($match[1][$offset]);

            $return['if_data'] = trim($match[2][$offset]);

            if ( preg_match_all("|(.*?)".$this->l_delim . "else" . $this->r_delim . "(.*)|s", $match[2][$offset], $else_match) ) {

                $return['else_left'] = trim($else_match[1][0]);

                $return['else_right'] = trim($else_match[2][0]);

            } else {

                $return['else_left'] =  $return['if_data'];

                $return['else_right'] = '';

            }

            $statement = $return['keyword'];

            foreach ( $data as $key => $var ) {

                if (strpos($statement, '$'.$key) !== FALSE) {

                    $statement = str_replace('$'.$key, '$data[\''.$key.'\']', $statement);

                }

            }

            $result = '';

            $eval = "\$result = (" . $statement . ") ? 'true' : 'false';";

            eval($eval);

            if ( $result == 'true' ) {

                if ( isset($else_match) && isset($return['else_left']) ) $template = str_replace($return['original'], $return['else_left'], $template);

            } else {

                if ( isset($else_match) && isset($return['else_right'])  ) $template = str_replace($return['original'], $return['else_right'], $template);

                else $template = str_replace($return['original'], $return['if_data'], $template);

            }

        }

        return $template;

    }

[eluser]Christoffer[/eluser]
Sweet. I actually intended do do just that when I had more time. But I can just use your code instead.

Cheers!

[eluser]Phil Sturgeon[/eluser]
I was hoping this would be handy for me as I am creating a parser that supports helper function calls. However, this surely would allow template editors to put in ANY PHP they want.

Quote:{if file_put_contents('uploads/evilfile.php', '<?php include('../application/config/database.php'); mysql_connect('etc etc etc') == true}

Not a problem for you guys, but we have client/user generated content running through the parser. :-)

[eluser]Jamie Rumbelow[/eluser]
Phil's right. Even if you're not pushing user-generated content through it just eval()ing whatever's in the template really isn't a good idea. You should build a templating system where you can pipe variables through functions, rather than just evaluating the code. Either that, or use one of the many solutions available. Heck, there's even more of them.

[eluser]smatakajr[/eluser]
Awesome code snippet! Thanks

El Forum

El Forum

El Forum

El Forum

El Forum

El Forum

El Forum