----- Original Message -----
From: "Zak Mc Kracken" <zakmck73@xxxxxxxx>
Hi all,
Is there a PHP function that parses a string as it was the content of a
PHP file?
I have a CMS application and editors write the news items text into a
text area. Since they have some knowledge of PHP, I'd like to allow them
to insert <? ... ?> or <?= ... ?> and have the content blocks parsed and
executed. OK, this could be easily done parsing the string and passing
the block contents to eval(). However I wonder wether there is some
function already doing that (maybe in a more efficient way).
I would not recommend you do such a thing, you are opening up all the PHP
environment to the editors, including reading variables and calling
functions they whould see nor run.
Instead, I would sugest you allow them to embed within the text a series of
functions or variables which you would define, enclosed in whatever symbols
you find suitable (easy to search and unambiguous) which would allow your
program to replace by whatever data you may provide for them to use but in
no case I would open up the whole of the PHP environment to them. You would
pick those functions with a regular expression and do a switch on the
keyword found and process it. Thus each keyword would have a case to
process it and might call a PHP function or read a variable, but no
'default:', if it is not within the allowed functions, forget it. And never
make eval() accessible to users.
Satyam
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
