egroupware_official/phpgwapi/inc/htmlpurifier/library/HTMLPurifier/VarParser/Native.php
Ralf Becker 8f797be836 Added HTMLPurifier (http://htmlpurifier.org/) Version 3.3.0
- can be used via html class like: 

        $clean_html = html::purify($html);

- using it now in eTemplate to remove malicious code from html:
  a) when displaying "formatted text"
  b) when "formatted text" get's input by the user
2009-05-19 17:32:06 +00:00

27 lines
669 B
PHP
Executable File

<?php
/**
* This variable parser uses PHP's internal code engine. Because it does
* this, it can represent all inputs; however, it is dangerous and cannot
* be used by users.
*/
class HTMLPurifier_VarParser_Native extends HTMLPurifier_VarParser
{
protected function parseImplementation($var, $type, $allow_null) {
return $this->evalExpression($var);
}
protected function evalExpression($expr) {
$var = null;
$result = eval("\$var = $expr;");
if ($result === false) {
throw new HTMLPurifier_VarParserException("Fatal error in evaluated code");
}
return $var;
}
}
// vim: et sw=4 sts=4