Is there an equivalent in PHP for the bitwise OR operator (pipe symbol | )? I am using wordpress insert php plugin to allow php code in my content entries on posts and pages, and the way the plugin works is to take the code and run an eval statement on it, but eval function hiccups on certain symbols like bitwise OR or double-pipe OR or dollar sign $. I came across the problem while trying to call json_encode with some flags connected by bitwise OR and of course the eval'ed code barfed when run. My solution is to put the code into a function (like json_encode_eval() ) and define the function in functions.php with the call to json_encode ie return json_encode($str, FLAG | ANOTHER_FLAG); , but is there a better solution? Thanks in advance.
1条回答 默认 最新
douye2488 2014-10-10 00:10关注Check if wordpress is encoding the | to an html escaped code. (Look for any of
| | | | |)
If so, you'll have to unescape it before evalling.
[I'm pretty sure there's always a better way than evalling user submitted text - you may have a huge security hole there.]
I tried this and it gives the expected answer:
<?php eval("\$a = 2|1;"); $b = 2|1; var_dump($a); var_dump($b);Outputs:
int(3) int(3)解决 无用评论 打赏举报
分享
- 2016-04-29 15:42回答 2 已采纳 You have three choices, really. function_exists() // this will check for the function's existenc
- 2016-07-12 14:38回答 3 已采纳 $pageTitle = isset($seo->meta_title) ? @eval("return $seo->meta_title;") : null; it will a
- 2015-09-02 17:19回答 1 已采纳 Please , try to use the following code and don't remove <?php and ?> tags from start/end fil
- 2023-10-08 21:16M0no10gue的博客 php?>是正和常情况下的标签,用于识别这是个php文件,但php也允许使用短标签和等价于
- 2017-06-27 02:39回答 1 已采纳 You're getting that error because your array keys are plain code rather than strings. You'd have t
- 2018-04-27 02:01回答 1 已采纳 As stated in the manual: The code must not be wrapped in opening and closing PHP tags, i.e. 'e
- 2014-07-02 09:02回答 1 已采纳 eval evaluates code, so, as @sectus says in comments, execute the code For example: eval ("echo
- 2023-08-02 09:40木…的博客 首先我们要将一部分代码写入文件中但有代码可知我们要从v2中得到相关的代码,v2又需要是数字,所以我们要保证v2是数字,然后str是代码,可以先将v3使用伪协议用base64写入,所以这个时候的str是base64代码,call_...
- 2015-10-30 13:01回答 2 已采纳 After a lot of trials and tests I got it to work this way: show( $_SESSION ); /** * halts proc
- 2014-07-22 05:00回答 2 已采纳 In order to work with html in eval() function, prepend <?php and append ?> in the string pas
- 2013-06-25 04:15回答 4 已采纳 If you really want to do it, you can use eval() as your method c) suggests: $var // your variable
- 2022-02-01 15:30是Mumuzi的博客 } } 虽然16进制可以绕过第一层但是第二层他过滤了字母,于是想到八进制,是直接用的0开头 ?num=010574 web94 include("flag.php"); highlight_file(__FILE__); if(isset($_GET['num'])){ $num = $_GET['num']; if($...
- 2017-04-25 12:56回答 2 已采纳 Escape your input data with a real_escape_string function: http://php.net/manual/en/mysqli.real-es
- 2021-04-25 14:35黄昏单车的博客 php面试题 ...# 200:服务器请求成功 # 301:永久重定向,旧网页已被新网页永久替代 ...# 503:服务不可用,服务器由于维护或者负载过重未能应答 # 504:网关超时(nginx做为反向代理服务器,所连接的应用服务器无响应导致
- 2010-04-24 18:52通过我们已经学过的知识,你可以编写一个最简单的程序输出一个也许是程序世界中最有名的词语: echo "Hello World!"; ?> First PHP page // Single line C++ style comment /* printing the message */ ...
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 winform的chart曲线生成时有凸起
- ¥15 msix packaging tool打包问题
- ¥15 finalshell节点的搭建代码和那个端口代码教程
- ¥15 用hfss做微带贴片阵列天线的时候分析设置有问题
- ¥15 Centos / PETSc / PETGEM
- ¥15 centos7.9 IPv6端口telnet和端口监控问题
- ¥120 计算机网络的新校区组网设计
- ¥20 完全没有学习过GAN,看了CSDN的一篇文章,里面有代码但是完全不知道如何操作
- ¥15 使用ue5插件narrative时如何切换关卡也保存叙事任务记录
- ¥20 海浪数据 南海地区海况数据,波浪数据