1: | <?php |
2: | |
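/**
 * This variable parser uses PHP's internal code engine. Because it does
 * this, it can represent all inputs; however, it is dangerous and cannot
 * be used by users.
 *
 * SECURITY: every value given to this parser is executed as PHP code by
 * eval(). Nothing in this class validates, filters or sandboxes the
 * expression, so it must only ever receive trusted, developer-authored
 * input. Never route request data, stored user content or any other
 * externally influenced string through it.
 */
class HTMLPurifier_VarParser_Native extends HTMLPurifier_VarParser
{

    /**
     * Evaluates $var as a PHP expression and returns the resulting value.
     *
     * $type and $allow_null are accepted to satisfy the parent signature but
     * are not consulted here; no type checking happens in this method.
     *
     * @param mixed $var PHP expression source; must come from a trusted origin
     * @param int $type
     * @param bool $allow_null
     * @return mixed Whatever value the expression evaluates to
     * @throws HTMLPurifier_VarParserException
     */
    protected function parseImplementation($var, $type, $allow_null)
    {
        return $this->evalExpression($var);
    }

    /**
     * Runs "$var = <expr>;" through eval() and returns the assigned value.
     *
     * The expression is interpolated into the evaluated code verbatim, so the
     * caller is responsible for guaranteeing that it is trusted.
     *
     * @param string $expr PHP expression source; must come from a trusted origin
     * @return mixed
     * @throws HTMLPurifier_VarParserException If the expression cannot be parsed
     */
    protected function evalExpression($expr)
    {
        $var = null;
        try {
            // NOTE(security): eval() executes $expr as code. Keep this
            // reachable only from trusted, developer-controlled callers.
            $result = eval("\$var = $expr;");
        } catch (ParseError $e) {
            // PHP 7+ signals a parse error in evaluated code by throwing
            // ParseError instead of returning false; convert it so callers
            // still get the documented exception type.
            throw new HTMLPurifier_VarParserException("Fatal error in evaluated code");
        }
        // Before PHP 7, eval() returned false when the code failed to parse.
        if ($result === false) {
            throw new HTMLPurifier_VarParserException("Fatal error in evaluated code");
        }
        return $var;
    }
}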
37: | |
38: | // vim: et sw=4 sts=4 |
39: |