[eluser]Ergose[/eluser]
hmm, I'll have to try that, but I think I'm missing something.
What is in the DB that I was toying with (and this is off the top of my head right now) is:
Code:
[encoded "<" from where I used encode_php_tags]?php echo 'test'; ?[encoded tag ">"]
<?php echo 'test'; ?> in the DB threw a different error because the tags were in there.
echo 'test'; in the DB works.
So given those tests, would eval('?>' . $row['php_code']); somehow make eval convert the tags, or am I missing something, because I don't figure it would.
Just to clarify, as I had a lot going on earlier. I would like to store the PHP code in the DB and be able to execute it or display the source or edit it when I have everything locked down later. So, being that I get forgetful in a hurry, I figure being able to have the tags in the DB and rip them out via regex or something would be better, even though it would be a little extra work. Then if I put in the PHP with or without the tags, by the time it gets eval()ed, eval would be happy.
As for the trusted data part, I am being really anal on it. I and I alone will have access to that part and I'm splitting that part of the interface off, on its own, on a separate server, under totally different credentials and permissions. It's mainly there to aid me in my development efforts. I've been working on a site rendering system, with a multisite management backend, and preferably a development backend to aid me if I need to make quick additions to the site that need to be more dynamic, but the last takes lowest priority. In this case, however, I may as well have made the fields in the DB and was testing parts that would use this later, so instead of going back and having to debug these modules all over again, I figured I'd kill two birds with one stone. Plus, as usual, I'm having to balance security with functionality because super secure is great, but it tends to not aid in production all the time. I unfortunately am not in a position to lead a team that could have someone dedicated to just looking for security probs, nor are there the resources.
Anyway, calling it a night.
Ergose signing off...
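
Added example, not part of Ergose's post: one way to make a stored snippet acceptable to eval() whether it was saved with encoded tags, with plain tags, or with no tags, using the eval('?>' . ...) form asked about above. The helper names are hypothetical and the sample rows are constructed; it assumes PHP 7 or later, that only the tag brackets were encoded as "&lt;?" and "?&gt;", and the single-admin, trusted-data setup the post describes.

```php
<?php
// Added example; snippet_to_source() and run_snippet() are hypothetical names.

// Undo entity-encoded tags and return a full PHP source string that
// always starts with an opening tag.
function snippet_to_source(string $stored): string
{
    // Assumption: only the tag brackets were encoded, as "&lt;?" and "?&gt;".
    $src = trim(str_replace(['&lt;?', '?&gt;'], ['<?', '?>'], $stored));
    if (strncasecmp($src, '<?php', 5) !== 0) {
        $src = "<?php\n" . $src;   // stored without tags: add the opening tag
    }
    return $src;
}

// Run a snippet and return what it printed. eval() begins in PHP mode, so
// the leading "?>" drops to HTML mode and the snippet's own "<?php" reopens it.
function run_snippet(string $stored): string
{
    $src = snippet_to_source($stored);
    ob_start();
    try {
        eval('?>' . $src);
    } catch (Throwable $e) {
        // PHP 7+ raises ParseError from eval() on a syntax error; discard
        // any partial output and report the failure to the caller.
        ob_end_clean();
        throw new RuntimeException('stored snippet failed: ' . $e->getMessage(), 0, $e);
    }
    return ob_get_clean();
}

// Constructed sample rows: the three forms mentioned in the post.
$rows = [
    "&lt;?php echo 'test'; ?&gt;",   // tags encoded before storage
    "<?php echo 'test'; ?>",         // plain tags
    "echo 'test';",                  // no tags
];
foreach ($rows as $row) {
    var_dump(run_snippet($row));     // each row prints the same output
}
```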