vB_Utility_Template_ConditionParser
in package
uses
vB_Utility_Trait_NoSerialize
A helper parser for validating if conditionals. It takes PHP code and verifies that it is a subset of PHP safe for use in templates. The purpose is to ensure that there is no way to create arbitrary PHP code exploits from user data when evaluating templates.
To that end the following is absolutely prohibited:
- Assignment to variables, and anything else that might change variables, such as references.
- Any variable variables or variable functions ($$var or $var())
- Any functions not on an explicit safe list
- Any shell escape operators
We are going to err on the side of not allowing anything that isn't obviously safe. The grammar the parser is based on (may not be up to date):
C => M
C => M OP M ...
M => E
M => E COP E
E => POP E
E => (C)
E => F|V|L|A
V => SV
V => SV[C] ...
A => array(PL)
A => [PL]
F => name(PL)
PL => C
PL => C, PL
SV => Simple variable like $x
L => literal value
OP => AND, &&, OR, ||, +,-,/,*,%
POP => !, +, -
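A token-level allow-list check that enforces the prohibitions listed above, added here as an example: it is not vBulletin's code and it does not parse the grammar, so it says nothing about whether an expression is well formed. The function name check_condition_tokens(), both token lists, and the reading of COP as comparison operators are assumptions.

```php
<?php
// Added example (PHP 7.4+): token-level allow-list, not vBulletin's parser.
// check_condition_tokens() and both token lists are hypothetical.
function check_condition_tokens(string $condition, array $safeFunctions): array
{
    // Allowed token ids: simple variables, literals, array(), AND/OR, and
    // comparison operators (assumption: that is what COP stands for).
    $allowedIds = [
        T_VARIABLE, T_LNUMBER, T_DNUMBER, T_CONSTANT_ENCAPSED_STRING, T_ARRAY,
        T_BOOLEAN_AND, T_BOOLEAN_OR, T_LOGICAL_AND, T_LOGICAL_OR,
        T_IS_EQUAL, T_IS_NOT_EQUAL, T_IS_IDENTICAL, T_IS_NOT_IDENTICAL,
        T_IS_SMALLER_OR_EQUAL, T_IS_GREATER_OR_EQUAL,
    ];
    // Allowed one-character tokens; '=', '&', '$', '`', '{' and ';' are absent on purpose.
    $allowedChars = ['(', ')', '[', ']', ',', '!', '+', '-', '*', '/', '%', '<', '>'];
    $callable = [T_VARIABLE, T_CONSTANT_ENCAPSED_STRING];
    $safe = array_map('strtolower', $safeFunctions);
    // Drop the synthetic open tag and whitespace so neighbouring tokens are adjacent.
    $tokens = array_values(array_filter(
        token_get_all('<?php ' . $condition),
        fn($t) => !is_array($t) || !in_array($t[0], [T_OPEN_TAG, T_WHITESPACE], true)
    ));
    $errors = [];
    foreach ($tokens as $i => $tok) {
        $text = is_array($tok) ? $tok[1] : $tok;
        $isCall = (($tokens[$i + 1] ?? null) === '(');
        if (is_array($tok) && $tok[0] === T_STRING) {
            // A bare name must be a listed function call or true/false/null.
            $name = strtolower($text);
            if ($isCall && !in_array($name, $safe, true)) {
                $errors[] = "function not on safe list: $text";
            } elseif (!$isCall && !in_array($name, ['true', 'false', 'null'], true)) {
                $errors[] = "bare name not allowed: $text";
            }
        } elseif (!in_array(is_array($tok) ? $tok[0] : $tok, is_array($tok) ? $allowedIds : $allowedChars, true)) {
            $errors[] = "token not allowed: $text";
        } elseif ($isCall && in_array(is_array($tok) ? $tok[0] : $tok, is_array($tok) ? $callable : [')', ']'], true)) {
            // $var(), $a[0](), (expr)() and 'name'() are dynamic calls.
            $errors[] = "dynamic call not allowed after: $text";
        }
    }
    return $errors;
}

// Constructed sample conditions.
foreach (['$x > 1 AND in_array($y, [1, 2])', '$x = 1', '$$name', '$fn($x)', 'phpinfo()'] as $c) {
    echo $c, ' => ', implode('; ', check_condition_tokens($c, ['in_array'])) ?: 'ok', PHP_EOL;
}
```

Because the check is an allow-list, tokens the page does not mention (object access, static calls, interpolated strings, comments, closing tags) are rejected by default rather than needing their own rule.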
Table of Contents
Methods
- __construct() : mixed
- __serialize() : array<string|int, mixed>
- __sleep() : array<string|int, mixed>
- __unserialize() : void
- __wakeup() : void
- validate() : bool|array<string|int, mixed>
Methods
__construct()
public
__construct(string $condition, array<string|int, mixed> $functions, string $templatevar) : mixed
Parameters
- $condition : string
- $functions : array<string|int, mixed>
- $templatevar : string
__serialize()
public
__serialize() : array<string|int, mixed>
Return values
array<string|int, mixed>
__sleep()
public
__sleep() : array<string|int, mixed>
Return values
array<string|int, mixed>
__unserialize()
public
__unserialize(mixed $serialized) : void
Parameters
- $serialized : mixed
__wakeup()
public
__wakeup() : void
validate()
public
validate() : bool|array<string|int, mixed>