dongzhang4301 2017-11-23 12:06
浏览 42

如何在不使用eval的情况下解析文件 - PHP?

Is there any other way to parse the file without eval()? I'm trying to render the php code without using php tags inside index.gs and so far i can do it only with eval(). The problem is not only to parse vars, but custom template characters.

here is the sample of code below.

 $render = file_get_contents($this->file);

 $render = $this->parse_extends($render);
 $render = $this->parse_assets($render);
 $render = $this->parse_vars($render);
 $render = $this->parse_vars_skip($render);

  try {
        ob_start();
        eval('?>' . $render);
        $render = ob_get_contents();
    } finally {
        ob_get_clean();
    }
    return $render;

The return $render - return to View::class code for response

  • 写回答

1条回答 默认 最新

  • duanqiao2225 2017-11-23 12:10
    关注

    If the allow_url_include directive is enabled in php.ini, then it’s possible to execute this code using

    include "data://text/plain;base64," . base64_encode($render);

    but this setting is disabled by default, and cannot be changed within user code, but only through editing the php.ini file; so unless explicitly enabled in php.ini (and there normally isn’t any good reason why it should be), then it isn’t really an option.

    An alternative is to create a temporary file, write the code there, and then execute it using include:

    $tempFilename = tempnam("/tmp", "MyTemplate");
file_put_contents($tempFilename, $render);
include $tempFilename;
unlink($tempFilename);

    But both have similar issues and dangers to eval().

    评论

报告相同问题?

悬赏问题

  • ¥15 yolov8边框坐标
  • ¥15 matlab中使用gurobi时报错
  • ¥15 这个主板怎么能扩出一两个sata口
  • ¥15 不是,这到底错哪儿了😭
  • ¥15 2020长安杯与连接网探
  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么
  • ¥15 banner广告展示设置多少时间不怎么会消耗用户价值
  • ¥16 mybatis的代理对象无法通过@Autowired装填
  • ¥15 可见光定位matlab仿真
  • ¥15 arduino 四自由度机械臂