library/HTMLPurifier/VarParser/Native.php

   1 <?php
   2
   3 /**
   4  * This variable parser uses PHP's internal code engine. Because it does
   5  * this, it can represent all inputs; however, it is dangerous and cannot
   6  * be used by users.
   7  */
   8 class HTMLPurifier_VarParser_Native extends HTMLPurifier_VarParser
   9 {
  10
  11     /**
  12      * @param mixed $var
  13      * @param int $type
  14      * @param bool $allow_null
  15      * @return null|string
  16      */
  17     protected function parseImplementation($var, $type, $allow_null)
  18     {
  19         return $this->evalExpression($var);
  20     }
  21
  22     /**
  23      * @param string $expr
  24      * @return mixed
  25      * @throws HTMLPurifier_VarParserException
  26      */
  27     protected function evalExpression($expr)
  28     {
  29         $var = null;
  30         $result = eval("\$var = $expr;");
  31         if ($result === false) {
  32             throw new HTMLPurifier_VarParserException("Fatal error in evaluated code");
  33         }
  34         return $var;
  35     }
  36 }
  37
  38 // vim: et sw=4 sts=4