From bec9690ff519d33d7ef3f0c8f8f8cf72b4ef059d Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 20 May 2013 14:52:36 -0400
Subject: [PATCH] Improve some options description

---
 program/include/rcmail_output_html.php |   42 +++++++++++++++++++++---------------------
 1 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php
index 3e0a4e6..02eef2f 100644
--- a/program/include/rcmail_output_html.php
+++ b/program/include/rcmail_output_html.php
@@ -759,14 +759,15 @@
 
 
     /**
-     * Parses expression and replaces variables
+     * Parse & evaluate a given expression and return its result.
      *
-     * @param  string Expression statement
-     * @return string Expression value
+     * @param string Expression statement
+     *
+     * @return mixed Expression result
      */
-    protected function parse_expression($expression)
+    protected function eval_expression ($expression)
     {
-        return preg_replace(
+        $expression = preg_replace(
             array(
                 '/session:([a-z0-9_]+)/i',
                 '/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i',
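Review bot: The new docblock on eval_expression() does not say that the expression is compiled and executed as PHP, nor that the function returns null when compilation fails (that path is in the next hunk). I would extend it to `@param string $expression Expression statement from a trusted template; it is executed as PHP code` and `@return mixed Expression result, or null on parse error`. The signature also carries a stray space before the parenthesis, `eval_expression ($expression)`, which the removed parse_expression() did not have. The function body continues past the end of this hunk.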
@@ -785,22 +786,21 @@
                 "\$browser->{'\\1'}",
                 $this->template_name,
             ),
-            $expression);
-    }
-    
-    /**
-     * Evaluate a given expression and return its result.
-     * @param  string Expression statement
-     */
-    protected function eval_expression ($expression) {
-        // Prevent function calls in `expression`:
-        $expression = str_replace("\n", "", $expression);
-        if(preg_match('#\w+ \s* (/\* .* \*/)* \s* \(#ix', $expression))
-            return false;
+            $expression
+        );
 
-        // Evaluate expression:
-        $expression = $this->parse_expression($expression);
         $fn = create_function('$app,$browser,$env', "return ($expression);");
+        if (!$fn) {
+            rcube::raise_error(array(
+                'code' => 505,
+                'type' => 'php',
+                'file' => __FILE__,
+                'line' => __LINE__,
+                'message' => "Expression parse error on: ($expression)"), true, false);
+
+            return null;
+        }
+
         return $fn($this->app, $this->browser, $this->env);
     }
 
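Review bot: The merged eval_expression() no longer has the check that rejected function calls, so whatever remains after the preg_replace() substitutions is compiled by `create_function()` as PHP code with no filtering. Whether an expression attribute can ever carry content from outside the shipped templates is not visible in this diff, so the guard should either stay or its removal should be justified in the commit message, which currently only mentions option descriptions. If it is kept, it belongs before the preg_replace() call, in the form `if (preg_match('#\w+ \s* (/\* .* \*/)* \s* \(#ix', str_replace("\n", "", $expression))) return null;`. The 'label' case in the third hunk now goes through this same path. The function starts in the previous hunk.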
@@ -854,7 +854,7 @@
             // show a label
             case 'label':
                 if ($attrib['expression'])
-                    $attrib['name'] = eval("return " . $this->parse_expression($attrib['expression']) .";");
+                    $attrib['name'] = $this->eval_expression($attrib['expression']);
 
                 if ($attrib['name'] || $attrib['command']) {
                     // @FIXME: 'noshow' is useless, remove?
@@ -986,7 +986,7 @@
 
             // return code for a specified eval expression
             case 'exp':
-                return html::quote( $this->eval_expression($attrib['expression']) );
+                return html::quote($this->eval_expression($attrib['expression']));
 
             // return variable
             case 'var':

--
Gitblit v1.9.1