File indexing completed on 2024-05-12 06:02:06
0001 <?php 0002 0003 /** 0004 * This variable parser uses PHP's internal code engine. Because it does 0005 * this, it can represent all inputs; however, it is dangerous and cannot 0006 * be used by users. 0007 */ 0008 class HTMLPurifier_VarParser_Native extends HTMLPurifier_VarParser 0009 { 0010 0011 /** 0012 * @param mixed $var 0013 * @param int $type 0014 * @param bool $allow_null 0015 * @return null|string 0016 */ 0017 protected function parseImplementation($var, $type, $allow_null) 0018 { 0019 return $this->evalExpression($var); 0020 } 0021 0022 /** 0023 * @param string $expr 0024 * @return mixed 0025 * @throws HTMLPurifier_VarParserException 0026 */ 0027 protected function evalExpression($expr) 0028 { 0029 $var = null; 0030 $result = eval("\$var = $expr;"); 0031 if ($result === false) { 0032 throw new HTMLPurifier_VarParserException("Fatal error in evaluated code"); 0033 } 0034 return $var; 0035 } 0036 } 0037 0038 // vim: et sw=4 sts=4