Some Patch For Eval In Ccomponent.php

Some Patch For Eval In Ccomponent.php Apply patch for CComponent.php , avoid eval function Rate Topic:

#1 Imam Ferianto

Newbie

Group: Members
Posts: 4
Joined: 31-March 12

Posted 06 March 2013 - 12:05 PM

Hello all,
Sorry for my bad english. I have some modified File in framework/base/CComponent.php
to run Yii on restricted eval environtment (something like php_suhosin ).
Hopelly this can help someone has similar problem with me.
before patch I cannot use:

 'value'=>'$data->frx0->columnx'

with this patch calling eval variable will worked on restricted eval environtment

You can replace function evaluateExpression with this patch:

	public function evaluateExpression($_expression_,$_data_=array())
	{
		if(is_string($_expression_))
		{
			$key=str_replace("\$data->","",$_expression_);
			if(preg_match("/-\>/",$key)){
			  $data=$_data_['data'];
			  $var=explode("->",$key);
			  foreach($var as $key){
				if(isset($data->$key)) $data=$data->$key;
			  }
			  return $data;
			}elseif(!empty($key)) return   $_data_['data']->$key;
			else return null;
		}
		else
		{
			$_data_[]=$this;
			return call_user_func_array($_expression_, $_data_);
		}
	}

#2 samdark

Having fun

Group: Yii Dev Team
Posts: 2,680
Joined: 17-January 09
Location:Russia

Posted 06 March 2013 - 12:37 PM

If you're on PHP 5.3+ you can use:

'value'=> function($data) {
  return $data->frx0->columnx;
}

Yii 1.1 Application Development Cookbook

#3 Imam Ferianto

Newbie

Group: Members
Posts: 4
Joined: 31-March 12

Posted 06 March 2013 - 09:29 PM

samdark, on 06 March 2013 - 12:37 PM, said:

If you're on PHP 5.3+ you can use:

'value'=> function($data) {
  return $data->frx0->columnx;
}

Hi sam thanks, I see that is short solution.
I wonder if Yii can run on restricted eval (suhosin) without some modification.
In my side

 $this->widget('zii.widgets.grid.CGridView'

the button update,view,delete is not working, because its call some eval() or evaluateExpression()
function I believe, how to solve this?

#4 samdark

Having fun

Group: Yii Dev Team
Posts: 2,680
Joined: 17-January 09
Location:Russia

Posted 07 March 2013 - 05:15 AM

Change all evals to anonymous functions?

Yii 1.1 Application Development Cookbook

#5 Imam Ferianto

Newbie

Group: Members
Posts: 4
Joined: 31-March 12

Posted 07 March 2013 - 11:17 PM

samdark, on 07 March 2013 - 05:15 AM, said:

Change all evals to anonymous functions?

yes it does posible, thanks for the tips. i changed to this:

$this->widget('zii.widgets.grid.CGridView', array(
    'id'=>'customer-grid',
    'dataProvider'=>$model->search(),
    'filter'=>$model,
    'columns'=>array(
        'customer_name',
        array(
            'class'=>'CButtonColumn',
            'template'=>'{view}',
            'buttons'=>array
            (
                'view' => array
                (
                    'label'=>'Update',
                    'url'=>function($data){ return Yii::app()->createUrl("cust/edit", array("id"=>$data->custid));},
                    'imageUrl'=>Yii::app()->request->baseUrl.'/images/icon_select.gif',
                    'options'=>array('style'=>'width:10px; border:none'),
                    'click'=>'function(event) { 
                        $.ajax({
                            url:$(this).attr("href"),
                            dataType: \'json\',
                            success: function(data){
                                $("#customerlist").dialog("open");
                                $("#Job_name").val(data.newjobno); 
                                $("#customerlist").dialog("close");
                            }
                        });                     
                        event.preventDefault();
                    }',
                ),      
            ),
        ),
       ),
));