Some Patch For Eval In CComponent.php

Hello all,

Sorry for my bad English. I have a modified file, framework/base/CComponent.php,

to run Yii in a restricted eval environment (something like php_suhosin).

Hopefully this can help someone who has a similar problem to mine.

Before the patch I could not use:


 'value'=>'$data->frx0->columnx' 

With this patch, evaluating such a variable expression will work in a restricted eval environment.

You can replace the function evaluateExpression with this patch:




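	public function evaluateExpression($_expression_,$_data_=array())
	{
		if(is_string($_expression_))
		{
			// No eval(): only property paths such as '$data->a->b' are supported.
			$key=str_replace("\$data->","",$_expression_);
			if(!isset($_data_['data'])) return null;
			if(preg_match("/-\>/",$key)){
			  // Nested path: walk it one property at a time.
			  $data=$_data_['data'];
			  $var=explode("->",$key);
			  foreach($var as $key){
				// A missing link yields null rather than a half-resolved object.
				if(!isset($data->$key)) return null;
				$data=$data->$key;
			  }
			  return $data;
			}elseif(!empty($key)) return $_data_['data']->$key;
			else return null;
		}
		else
		{
			// PHP callback: pass the parameters plus the component itself.
			$_data_[]=$this;
			return call_user_func_array($_expression_, $_data_);
		}
	}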
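A stricter take on the same idea, added here as an example and not part of the original post or of Yii: the expression is first checked against a plain `$var->prop->prop` pattern, so anything the resolver cannot handle is rejected instead of being read as a property name. The function name resolvePropertyPath and the sample data are assumptions.

```php
<?php
// Added example, not Yii code. resolvePropertyPath() is a hypothetical helper.

/**
 * Resolve an expression of the form `$data->a->b` against $params
 * without eval(). Anything that is not a plain property chain is rejected.
 */
function resolvePropertyPath($expression, array $params)
{
    // Accept only $name(->identifier)+ : no calls, operators or indexes.
    $ident = '[A-Za-z_][A-Za-z0-9_]*';
    $pattern = '/^\$(' . $ident . ')((?:->' . $ident . ')+)$/';
    if (!preg_match($pattern, trim($expression), $m)) {
        throw new InvalidArgumentException("Unsupported expression: $expression");
    }
    if (!array_key_exists($m[1], $params)) {
        throw new InvalidArgumentException("Unknown variable: \$$m[1]");
    }
    $value = $params[$m[1]];
    // $m[2] looks like "->frx0->columnx"; drop the leading arrow and walk it.
    foreach (explode('->', substr($m[2], 2)) as $name) {
        if (!is_object($value) || !isset($value->$name)) {
            return null; // missing link in the chain: no partial result
        }
        $value = $value->$name;
    }
    return $value;
}

// Constructed sample data standing in for a grid row.
$row = new stdClass();
$row->frx0 = new stdClass();
$row->frx0->columnx = 'EUR';
$params = array('data' => $row);

var_dump(resolvePropertyPath('$data->frx0->columnx', $params));
var_dump(resolvePropertyPath('$data->frx0->missing', $params));
try {
    // A legitimate Yii expression that needs eval(): fails loudly here.
    resolvePropertyPath('$data->price * 2', $params);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Expressions that need more than a property chain are better written as anonymous functions, which need no eval() at all.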




If you’re on PHP 5.3+ you can use:




'value'=> function($data) {
  return $data->frx0->columnx;
}



Hi sam, thanks, I see that is a short solution.

I wonder if Yii can run on restricted eval (suhosin) without some modification.

On my side




 $this->widget('zii.widgets.grid.CGridView' 

the update, view, delete buttons are not working, because they call some eval() or evaluateExpression()

function, I believe. How to solve this?

Change all evals to anonymous functions?

Yes, it is possible, thanks for the tips. I changed to this:




$this->widget('zii.widgets.grid.CGridView', array(
    'id'=>'customer-grid',
    'dataProvider'=>$model->search(),
    'filter'=>$model,
    'columns'=>array(
        'customer_name',
        array(
            'class'=>'CButtonColumn',
            'template'=>'{view}',
            'buttons'=>array
            (
                'view' => array
                (
                    'label'=>'Update',
                    'url'=>function($data){ return Yii::app()->createUrl("cust/edit", array("id"=>$data->custid));},
                    'imageUrl'=>Yii::app()->request->baseUrl.'/images/icon_select.gif',
                    'options'=>array('style'=>'width:10px; border:none'),
                    'click'=>'function(event) {
                        $.ajax({
                            url:$(this).attr("href"),
                            dataType: \'json\',
                            success: function(data){
                                $("#customerlist").dialog("open");
                                $("#Job_name").val(data.newjobno);
                                $("#customerlist").dialog("close");
                            }
                        });
                        event.preventDefault();
                    }',
                ),
            ),
        ),
    ),
));