How avoid running eval's functions in Yii metods?

Yii 1.1 General Discussion
1

As many know, Yii uses the eval function in some of its methods. I want to make a web application using Yii, and this will run in a freehost and as far as I know, the vast majority of freehost disable the use of eval.

Is it possible to avoid running the eval’s, avoiding using certain features? If so which ones?. Can I override some of them?

The following is a list of uses of eval in Yii 1.1.9

Beforehand, thank you very much for your future answers.

2

Actually, Yii allow you to use php expressions that could be evaluated, but Yii not restricts you to do things only in this way. With php 5.3.6 you can easily use anonymous functions to avoid eval’s execution.

Small example. As you know access control filter allow to specify expression option. If you define it as string that will require eval()


'expression' => '$user->id == 1'

, but you can replace it with:




'expression' => function($user) {

  return $user->id == 1;

}
3

Yiii is amazing! … and your fast answer too Team Weavora! thank you very much. This is probably the best way (and even a little more performance). If I not misunderstood what you said the use of eval in Yii metods is optional and only applies to parameters that we will we pass to certain methods.

By the way, I forget to said it, but if possible I would like that my application could run in php 5.2.

Basically I would need to use:

  • Authentication (only one type of user: "Registered." Roles not required)

  • Filters.

  • Events.

  • i18n

It’s not imprensindible, but it would be nice be able to use:

  • Components.

  • Fragment Cache.

  • Dynamic Content

4

For PHP 5.2 you could use regular functions/methods instead of expressions or anonymous functions:





// handle by static className::staticMethodName

'expression' => array('className','staticMethodName')


// handle by non-static className::staticMethodName

'expression' => array($classNameInstance,'methodName')


// handle by function

'expression' => array('functionName')




// example for access controll


class User extends CActiveRecord 

  ..

  public static function isAdmin($user) {

    return $user->id == 1;

  }

  ...


class MyController 

  ...

  public function accessRules

    ...

    'expression' => array('User','isAdmin')
5

Just what I need. It seems Yii is the right framework for my proyect and I don´t understand why someones complain about Yii using eval.

Again thank you very much Weavora Team.