iferianto
(Iferianto)
1
Hello all,
Sorry for my bad english. I have some modified File in framework/base/CComponent.php
to run Yii on restricted eval environtment (something like php_suhosin ).
Hopelly this can help someone has similar problem with me.
before patch I cannot use:
'value'=>'$data->frx0->columnx'
with this patch calling eval variable will worked on restricted eval environtment
You can replace function evaluateExpression with this patch:
public function evaluateExpression($_expression_,$_data_=array())
{
if(is_string($_expression_))
{
$key=str_replace("\$data->","",$_expression_);
if(preg_match("/-\>/",$key)){
$data=$_data_['data'];
$var=explode("->",$key);
foreach($var as $key){
if(isset($data->$key)) $data=$data->$key;
}
return $data;
}elseif(!empty($key)) return $_data_['data']->$key;
else return null;
}
else
{
$_data_[]=$this;
return call_user_func_array($_expression_, $_data_);
}
}
samdark
(Alexander Makarov)
2
If you’re on PHP 5.3+ you can use:
'value'=> function($data) {
return $data->frx0->columnx;
}
iferianto
(Iferianto)
3
Hi sam thanks, I see that is short solution.
I wonder if Yii can run on restricted eval (suhosin) without some modification.
In my side
$this->widget('zii.widgets.grid.CGridView'
the button update,view,delete is not working, because its call some eval() or evaluateExpression()
function I believe, how to solve this?
samdark
(Alexander Makarov)
4
Change all evals to anonymous functions?
iferianto
(Iferianto)
5
yes it does posible, thanks for the tips. i changed to this:
$this->widget('zii.widgets.grid.CGridView', array(
'id'=>'customer-grid',
'dataProvider'=>$model->search(),
'filter'=>$model,
'columns'=>array(
'customer_name',
array(
'class'=>'CButtonColumn',
'template'=>'{view}',
'buttons'=>array
(
'view' => array
(
'label'=>'Update',
'url'=>function($data){ return Yii::app()->createUrl("cust/edit", array("id"=>$data->custid));},
'imageUrl'=>Yii::app()->request->baseUrl.'/images/icon_select.gif',
'options'=>array('style'=>'width:10px; border:none'),
'click'=>'function(event) {
$.ajax({
url:$(this).attr("href"),
dataType: \'json\',
success: function(data){
$("#customerlist").dialog("open");
$("#Job_name").val(data.newjobno);
$("#customerlist").dialog("close");
}
});
event.preventDefault();
}',
),
),
),
),
));