| 1: | <?php |
| 2: | |
| 3: | /** |
| 4: | * This variable parser evaluates its input as PHP code using eval(). Because it |
| 5: | * does this, it can represent all inputs; however, it is dangerous and must |
| 6: | * never be given values supplied by users or any other untrusted source. |
| 7: | */ |
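class HTMLPurifier_VarParser_Native extends HTMLPurifier_VarParser
{

    /**
     * Parses a value by evaluating it as a PHP expression.
     *
     * $type and $allow_null are not used by this method.
     * NOTE(review): presumably the parent class checks the evaluated value
     * against them after this returns - confirm against HTMLPurifier_VarParser.
     *
     * @param mixed $var PHP expression source; it is executed, so it must
     *                   come from a trusted, developer-controlled origin
     * @param int $type
     * @param bool $allow_null
     * @return mixed Whatever value the expression evaluated to
     * @throws HTMLPurifier_VarParserException
     */
    protected function parseImplementation($var, $type, $allow_null)
    {
        return $this->evalExpression($var);
    }

    /**
     * Evaluates $expr as PHP source and returns the value it produces.
     *
     * SECURITY: $expr is interpolated into a string and handed to eval(), so
     * any PHP code it contains runs with the full privileges of the
     * application. There is no sandboxing or validation here. Callers must
     * only pass expressions written by the developer; request data,
     * user-editable configuration and database content must never reach it.
     *
     * @param string $expr
     * @return mixed
     * @throws HTMLPurifier_VarParserException
     */
    protected function evalExpression($expr)
    {
        $var = null;
        try {
            // FLAG: eval() on $expr - see the SECURITY note in the docblock.
            $result = eval("\$var = $expr;");
        } catch (ParseError $e) {
            // PHP 7+ signals a syntax error in evaluated code by throwing
            // ParseError instead of returning false. Convert it so callers
            // get the documented exception type. On PHP 5 the class does not
            // exist and this clause simply never matches.
            throw new HTMLPurifier_VarParserException("Fatal error in evaluated code");
        }
        // PHP 5 path: eval() returns false when the code fails to parse.
        if ($result === false) {
            throw new HTMLPurifier_VarParserException("Fatal error in evaluated code");
        }
        return $var;
    }
}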
| 37: | |
| 38: | // vim: et sw=4 sts=4 |
| 39: |