
Replace eval usage in request processing with new WP_MatchesMapRegex() class usage. Fixes #9602 for 2.8 branch props hakre.

git-svn-id: http://svn.automattic.com/wordpress/branches/2.8@11891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
1 parent 1455cc4 commit 89e9aea34f5aa0a399b9c6cef5eb0947d8d7dcd4 westi committed Aug 28, 2009
Showing with 93 additions and 3 deletions.
  1. +92 −2 wp-includes/classes.php
  2. +1 −1 wp-includes/rewrite.php
@@ -214,9 +214,9 @@ function parse_request($extra_query_vars = '') {
// Trim the query of everything up to the '?'.
$query = preg_replace("!^.+\?!", '', $query);
-
+
// Substitute the substring matches into the query.
- eval("@\$query = \"" . addslashes($query) . "\";");
+ $query = addslashes(WP_MatchesMapRegex::apply($query, $matches));
$this->matched_query = $query;
@@ -1592,4 +1592,94 @@ function send() {
}
}
+/**
+ * Helper class to remove the need to use eval to replace $matches[] in query strings.
+ *
+ * @since 2.9.0
+ */
+class WP_MatchesMapRegex {
+ /**
+ * store for matches
+ *
+ * @access private
+ * @var array
+ */
+ var $_matches;
+
+ /**
+ * store for mapping result
+ *
+ * @access public
+ * @var string
+ */
+ var $output;
+
+ /**
+ * subject to perform mapping on (query string containing $matches[] references
+ *
+ * @access private
+ * @var string
+ */
+ var $_subject;
+
+ /**
+ * regexp pattern to match $matches[] references
+ *
+ * @var string
+ */
+ var $_pattern = '(\$matches\[[1-9]+[0-9]*\])'; // magic number
+
+ /**
+ * constructor
+ *
+ * @param string $subject subject if regex
+ * @param array $matches data to use in map
+ * @return self
+ */
+ function WP_MatchesMapRegex($subject, $matches) {
+ $this->_subject = $subject;
+ $this->_matches = $matches;
+ $this->output = $this->_map();
+ }
+
+ /**
+ * Substitute substring matches in subject.
+ *
+ * static helper function to ease use
+ *
+ * @access public
+ * @param string $subject subject
+ * @param array $matches data used for subsitution
+ * @return string
+ */
+ function apply($subject, $matches) {
+ $oSelf =& new WP_MatchesMapRegex($subject, $matches);
+ return $oSelf->output;
+ }
+
+ /**
+ * do the actual mapping
+ *
+ * @access private
+ * @return string
+ */
+ function _map() {
+ $callback = array(&$this, 'callback');
+ return preg_replace_callback($this->_pattern, $callback, $this->_subject);
+ }
+
+ /**
+ * preg_replace_callback hook
+ *
+ * @access public
+ * @param array $matches preg_replace regexp matches
+ * @return string
+ */
+ function callback($matches) {
+ $index = intval(substr($matches[0], 9, -1));
+ return ( isset( $this->_matches[$index] ) ? $this->_matches[$index] : '' );
+ }
+
+}
+
?>
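Review bot: In the parse_request() hunk, `addslashes()` now runs on the substituted result, so the values taken from `$matches` arrive backslash-escaped in `$this->matched_query`. The removed `eval` line applied it only to the rule's query template, before the captures were interpolated. The commit message does not mention this behaviour change, and the same new line appears in url_to_postid() in wp-includes/rewrite.php. If slashing the captures is intended, a comment such as `// Captures are slashed here on purpose; addslashes() is not SQL or HTML escaping.` would keep later readers from treating it as output encoding. parse_request() begins and ends outside the hunk, so where `$matches` is filled is not visible here.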
@@ -299,7 +299,7 @@ function url_to_postid($url) {
$query = preg_replace("!^.+\?!", '', $query);
// Substitute the substring matches into the query.
- eval("\$query = \"" . addslashes($query) . "\";");
+ $query = addslashes(WP_MatchesMapRegex::apply($query, $matches));
// Filter out non-public query vars
global $wp;
parse_str($query, $query_vars);
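Review bot: The captures substituted by `WP_MatchesMapRegex::apply()` are inserted into `$query` verbatim, and `addslashes()` leaves `&` and `=` untouched, so the `parse_str($query, $query_vars)` call two lines below will split on any of those characters that a capture contains. The removed `eval` line behaved the same way, so this is carried over rather than introduced. It does mean the "Filter out non-public query vars" step is the only visible control on which keys a capture can set. A comment above the substitution, for example `// Captures are not URL-encoded; the public query var filter below bounds what they can set.`, would record that dependency. url_to_postid() starts and ends outside the hunk, so the filter and the regexes that fill `$matches` should be checked there.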
