As mark says, eval can be very dangerous and should be avoided at all costs,
especially in combination with user input. For my database-based pages that
require more than just html/css/js I use Twig <http://www.twig-project.org/> to
add dynamic possibilities without exposing more than required. (I also use
it for view files tbh.)
On Friday, August 10, 2012 7:03:48 PM UTC+2, euromark wrote:
>
> careful who has access to it, though
> using eval can be pretty dangerous - since it can execute any php code.
> so "normal users" should probably not have edit access.
>
> PS: in my case it was
> $res = eval("?>" . $str . "<?php ");
> to make it work in all cases
>
> the reason you need this is that you have HTML in it and php is only
> embedded there as <?php ... ?>
>
>
>
> On Friday, 10 August 2012 18:24:23 UTC+2, sanjeev wrote:
>>
>> Thanks Tilen,
>>
>> This following code works
>> $content = $this->fetch('content');
>> echo eval('?>'.$content);
>>
>> can you explain why i need to prefix ?> before $content?
>>
>> On Fri, Aug 10, 2012 at 3:43 PM, Tilen Majerle <[email protected]> wrote:
>>
>>> ok, i understand...
>>> allow user to write some idk, php code, save it in database and then use
>>> php's eval.
>>>
>>> http://si2.php.net/manual/en/function.eval.php
>>>
>>> eval will execute code :)
>>> --
>>> Best regards, Tilen Majerle
>>> http://majerle.eu
>>>
>>>
>>>
>>> 2012/8/10 Sanjeev Divekar <[email protected]>
>>>
>>>> No it's not cache. I want to execute user defined PHP code in my view.
>>>>
>>>>
>>>> On Fri, Aug 10, 2012 at 2:31 PM, Tilen Majerle <[email protected]> wrote:
>>>>
>>>>> it sounds like you cache some view. Why don't you just use Cache by
>>>>> cakephp?
>>>>> http://book.cakephp.org/2.0/en/core-libraries/caching.html
>>>>> --
>>>>> Best regards, Tilen Majerle
>>>>> http://majerle.eu
>>>>>
>>>>>
>>>>>
>>>>> 2012/8/10 sanjeev <[email protected]>
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I am developing a CMS which needs to execute some php code e.g. <?php
>>>>>> echo $this->element('helpbox'); ?> which is stored in database.
>>>>>>
>>>>>> I tried
>>>>>> file_put_contents ('tempfile.tmp',$this->fetch('content'));
>>>>>> include('tempfile.tmp');
>>>>>> in layout which works
>>>>>>
>>>>>> but any better Idea?
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>>
>>>>>> --
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "CakePHP" group.
>>>>>> To post to this group, send email to [email protected].
>>>>>> To unsubscribe from this group, send email to
>>>>>> [email protected].
>>>>>> Visit this group at http://groups.google.com/group/cake-php?hl=en-US.
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Warm Regards,
>>>> Sanjeev
>>>> http://sanjeevdivekar.wordpress.com
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>> --
>> Warm Regards,
>> Sanjeev
>> http://sanjeevdivekar.wordpress.com
>>
>
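An added example, not code from anyone in this thread: one way to let editors embed elements such as the help box in database-stored content without eval() or include(), by substituting allowlisted placeholders only. The {{element:name}} syntax, the function name and the $renderElement callback (a stand-in for the view's element renderer) are assumptions made for illustration.

```php
<?php
// Added example: render database-stored content without eval()/include().
// The {{element:name}} syntax and all names below are illustrative assumptions.

/**
 * Replace {{element:name}} placeholders with output from allowlisted elements.
 * All other stored text is treated as data and HTML-escaped, so a stored
 * "<?php ... ?>" block is shown as text and never executed. If editors must
 * be able to store HTML, swap the escaping for an HTML sanitizer.
 *
 * @param string   $stored        content loaded from the database
 * @param string[] $allowed       element names editors may embed
 * @param callable $renderElement hypothetical hook that renders one element
 */
function renderStoredContent(string $stored, array $allowed, callable $renderElement): string
{
    // Split on placeholders and keep the captured names:
    // even indexes are literal text, odd indexes are element names.
    $parts = preg_split('/\{\{element:([a-z0-9_]+)\}\}/i', $stored, -1, PREG_SPLIT_DELIM_CAPTURE);

    $out = '';
    foreach ($parts as $i => $part) {
        if ($i % 2 === 0) {
            $out .= htmlspecialchars($part, ENT_QUOTES, 'UTF-8');
        } elseif (in_array($part, $allowed, true)) {
            $out .= $renderElement($part);
        } else {
            // Unknown name: render nothing useful and leave a trace for review.
            $out .= '<!-- element not allowed -->';
        }
    }
    return $out;
}

// Constructed sample of what an editor might have saved in the database.
$stored  = 'Need help? {{element:helpbox}} <?php echo 1; ?> {{element:admin_panel}}';
$allowed = ['helpbox'];

// Stand-in for the real element renderer (hypothetical).
$render = function (string $name): string {
    return '<div class="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '">...</div>';
};

echo renderStoredContent($stored, $allowed, $render), PHP_EOL;
```

Because the stored string is only ever split and substituted, editor access to the content no longer implies the ability to run PHP on the server.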