Changed to catch any parse errors If PHP 7 is used by the Staticpage …

…(improvement #1038)
Geeklog-Core · Mar 9, 2020 · 6b2e19d · 6b2e19d
1 parent 71887d0
commit 6b2e19d
Show file tree

Hide file tree

Showing 6 changed files with 50 additions and 13 deletions.
diff --git a/language/english.php b/language/english.php
@@ -187,6 +187,7 @@
     141 => 'An Error Occurred',
     142 => 'Unfortunately, an error has occurred rendering this page. Please try again later.',
     143 => 'Comment (%d)',
+    144 => 'Parse Error.  An error occurred while parsing PHP code.',
     'loginform' => "<a href=\"{$_CONF['site_url']}/users.php\">Login Here</a>",
     'remoteloginoptions' => "Remote Login Options",
     'facebook' => 'Login with Facebook',

diff --git a/language/english_utf-8.php b/language/english_utf-8.php
@@ -187,6 +187,7 @@
     141 => 'An Error Occurred',
     142 => 'Unfortunately, an error has occurred rendering this page. Please try again later.',
     143 => 'Comment (%d)',
+    144 => 'Parse Error.  An error occurred while parsing PHP code.',
     'loginform' => "<a href=\"{$_CONF['site_url']}/users.php\">Login Here</a>",
     'remoteloginoptions' => "Remote Login Options",
     'facebook' => 'Login with Facebook',

diff --git a/language/japanese_utf-8.php b/language/japanese_utf-8.php
@@ -195,6 +195,7 @@
     141 => 'エラーが発生しました',
     142 => 'このページを表示する際にエラーが発生しました。しばらくしてから、もう一度お試しください。',
     143 => 'コメント (%d件)',
+    144 => 'パースエラー。PHPコードをパースする際にエラーが発生しました。',
     'loginform' => "<a href=\"{$_CONF['site_url']}/users.php\">ログイン</a>",
     'remoteloginoptions' => 'リモートログイン',
     'facebook' => 'Facebookでログイン',

diff --git a/plugins/staticpages/functions.inc b/plugins/staticpages/functions.inc
@@ -2099,16 +2099,7 @@ function SP_render_content($A)
     }
 
     if ($_SP_CONF['allow_php'] == 1) {
-        // Check for type (ie html or php)
-        if ($sp_php == 1) {
-            $sp_content = eval($page_data);
-        } elseif ($sp_php == 2) {
-            ob_start();
-            eval($page_data);
-            $sp_content = ob_get_contents();
-            ob_end_clean();
-        }
-
+        COM_handleEval($page_data, $sp_php);
         $sp_content = PLG_replaceTags($sp_content, '', false, 'staticpages', $sp_id);
     } else {
         if ($sp_php != 0) {

diff --git a/public_html/lib-common.php b/public_html/lib-common.php
@@ -9159,6 +9159,51 @@ function COM_getInstallDir()
     return is_dir($installDir) ? $installDir : '';
 }
 
+/**
+ * PHP's eval() function improved
+ *
+ * @param   string  $code
+ * @param   int     $type  1 = PHP, 2 = HTML
+ * @return  string
+ */
+function COM_handleEval($code, $type = 1)
+{
+    global $LANG01;
+
+    $type = (int) $type;
+    $errorMessage = '';
+    $output = '';
+
+    if (strpos($code, '?>') !== 0) {
+        $code = '?>' . $code;
+    }
+
+    if ($type === 2) {
+        ob_start();
+    }
+
+    if (version_compare(PHP_VERSION, '7.0.0', '<')) {
+        $output = eval($code);
+
+        if ($output === false) {
+            $errorMessage = $LANG01[144];
+        }
+    } else {
+        try {
+            $output = eval($code);
+        } catch (ParseError $e) {
+            COM_errorLog(__FUNCTION__ . ': ' . $e->getMessage());
+            $errorMessage = $LANG01[144];
+        }
+    }
+
+    if ($type === 2) {
+        $output = ob_get_clean();
+    }
+
+    return empty($errorMessage) ? $output : $errorMessage;
+}
+
 // Check and see if any plugins (or custom functions)
 // have scheduled tasks to perform
 if (!isset($_VARS['last_scheduled_run']) || !is_numeric($_VARS['last_scheduled_run'])) {

diff --git a/system/classes/template.class.php b/system/classes/template.class.php
@@ -875,9 +875,7 @@ public function subst($varName)
                 return '';
             }
 
-            ob_start();
-            eval('?>' . $templateCode . '<?php ');
-            $str = ob_get_clean();
+            $str = COM_handleEval($templateCode, 2);
 
             return $str;
         }