1<?php 2 3/** 4 * This variable parser uses PHP's internal code engine. Because it does 5 * this, it can represent all inputs; however, it is dangerous and cannot 6 * be used by users. 7 */ 8class HTMLPurifier_VarParser_Native extends HTMLPurifier_VarParser 9{ 10 11 /** 12 * @param mixed $var 13 * @param int $type 14 * @param bool $allow_null 15 * @return null|string 16 */ 17 protected function parseImplementation($var, $type, $allow_null) 18 { 19 return $this->evalExpression($var); 20 } 21 22 /** 23 * @param string $expr 24 * @return mixed 25 * @throws HTMLPurifier_VarParserException 26 */ 27 protected function evalExpression($expr) 28 { 29 $var = null; 30 $result = eval("\$var = $expr;"); 31 if ($result === false) { 32 throw new HTMLPurifier_VarParserException("Fatal error in evaluated code"); 33 } 34 return $var; 35 } 36} 37 38// vim: et sw=4 sts=4 39