Re: [PHP] eval challenge

2003-03-04 Thread neko
> ok ... what would  represent?
> The output of $ofa-core->siteMapLink();?
>
> If you're using XML throughout - have you looked at XSLT transformations?

It's just a symbolic name - the output is created from a few different
objects within the CMS, but it was such a commonly used set of data requests
that I make a tag up to handle them all at once, to make it a bit cleaner.

XSL/XSLT is on my "to prototype" list ;)

neko



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] eval challenge

2003-03-04 Thread Dan Hardiker
> Currently, I'm using defined tags for replacing info from my CMS, eg:
>
> $str = ""
>
> Then I have a function that has all the objects in scope, and can
> perform the necessary replacements.

ok ... what would  represent?
The output of $ofa-core->siteMapLink();?

If you're using XML throughout - have you looked at XSLT transformations?


-- 
Dan Hardiker [EMAIL PROTECTED]
ADAM Software & Systems Engineer
First Creative






Re: [PHP] eval challenge

2003-03-04 Thread neko
Thanks for your time, Dan.

Currently, I'm using defined tags for replacing info from my CMS, eg:

$str = ""

Then I have a function that has all the objects in scope, and can perform
the necessary replacements.

I am prototyping some stuff with smarty, but so far have yet to see how it
benefits over my current implementation. I don't have to worry about
non-technical persons building/maintaining the site, so I'd rather stick
with include() to build my pages from templates/blocks/content.

As I learn more about smarty, I might use it to power the presentation layer
of my CMS, but only when I can see a long-term benefit from using it. My CMS
makes use of presentation logic components, which you supply microtemplates
to in order to produce the final output. These components can reside within
"templates", so currently my html redundancy is minimal.

cheers,
neko






Re: [PHP] eval challenge

2003-03-04 Thread Dan Hardiker
> - define a string that has a function call in it (that returns a string)
> that at the time of declaration is not in scope, eg
>
> $str = "this is the name : \$node->getName()"; // $node is _not_ defined currently, so we can't escape out

Ya have 2 options really (from my perspective):

1. Place in "jump out's"

If you know your evaling routine is using 's then use them to break out of
the parser. Firstly - this is bad coding - as if you can break out, then
so can the rest of the data in the string. If you insist on this method,
on any external data check for the break out char and escape it -
otherwise you have a major security hole.

$str = "text here '.\$node->getName().'more text maybe";
eval("\$str = '$str';");

NOTE: there is no ' at the start or end of the string - this is important.

2. Build a string parser and use tagging... easiest done in XML imho

$str = "some text here $node->getName()";
Then go through the string before the eval executing everything between
exec tags (be security conscious for heavens sake - can be dangerous if not
strictly checked) and replace the command with the response.

I can provide sample code for either option ... but would rather not mock
up a test bed if it's not gonna get used ;)

PS: I'm guessing you're building dynamic templates ... have you had a look
into "smarty"? http://smarty.php.net/


-- 
Dan Hardiker [EMAIL PROTECTED]
ADAM Software & Systems Engineer
First Creative
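
Option 2 from the message above (a tag parser with strict checking), sketched as an added example that is not part of the original thread and not Dan's own sample code. The `{object.method}` tag syntax, `renderTags()` and the `Node` class are hypothetical, and the code assumes PHP 8; tags resolve only through an allowlist and nothing is passed to eval().

```php
<?php
// Added example: tag substitution without eval(). The {object.method} tag
// syntax, renderTags() and this Node class are hypothetical.

final class Node
{
    public function __construct(private string $name) {}
    public function getName(): string { return $this->name; }
    public function delete(): string { return 'deleted'; } // must never be reachable from a template
}

/**
 * Replace {object.method} tags using only allowlisted zero-argument calls.
 *
 * @param array<string, object>   $scope   objects a template may reference
 * @param array<string, string[]> $allowed object name => permitted method names
 */
function renderTags(string $template, array $scope, array $allowed): string
{
    return preg_replace_callback(
        '/\{([A-Za-z_]\w*)\.([A-Za-z_]\w*)\}/',
        function (array $m) use ($scope, $allowed): string {
            [$tag, $object, $method] = $m;
            if (!isset($scope[$object]) || !in_array($method, $allowed[$object] ?? [], true)) {
                throw new InvalidArgumentException("Tag not permitted: $tag");
            }
            // The return value is data: it is escaped and inserted, never re-parsed.
            return htmlspecialchars((string) $scope[$object]->$method(), ENT_QUOTES, 'UTF-8');
        },
        $template
    );
}

// Constructed sample data: a name carrying the quote "break out" char from option 1.
$node    = new Node("O'Reilly '.phpinfo().'");
$allowed = ['node' => ['getName']];

// The quotes in the name come out as HTML entities; phpinfo() is never called.
echo renderTags('this is the name : {node.getName}', ['node' => $node], $allowed), "\n";

try {
    // delete() exists on the object but is not on the allowlist, so this is refused.
    renderTags('{node.delete}', ['node' => $node], $allowed);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

Text that does not match the tag pattern is left in the output untouched, so only the author of the allowlist decides which calls a template can trigger.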






[PHP] eval challenge

2003-03-04 Thread neko
- define a string that has a function call in it (that returns a string)
that at the time of declaration is not in scope, eg

$str = "this is the name : \$node->getName()"; // $node is _not_ defined currently, so we can't escape out



then, later on in the code, this string will be passed to a function that
has $node in scope, and that's when I want to eval the string to replace the
value.

$node = new Node($argwhatever);
eval("\$str=\"$str\";"); // $node is now in scope, so I'd really like $node->getName to return something meaningful

Anyone able to solve this one? Yesterday I could achieve most other
requirements with eval, but this one has me stumped.

cheers,
neko


