Smarty Forum Index Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon.

Native PHP 'math' drop-in replacement or 'no more eval()!'
Goto page Previous  1, 2
 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> Plugins
View previous topic :: View next topic  
Author Message
boots
Administrator


Joined: 16 Apr 2003
Posts: 5611
Location: Toronto, Canada

PostPosted: Mon May 12, 2003 5:21 am    Post subject: Reply with quote

Quote:
I can't think of a single case where using the standard distribution version is preferable to using aloner's plugin.


Okay, I spoke too soon--one of my very favourite cases isn't supported by compiler functions: modifiers!

So:

{math|round:"1" ....} is supported but
{s_math|round:"1" ....} is NOT.

Alas.
Back to top
View user's profile Send private message
aloner
Smarty Rookie


Joined: 24 Apr 2003
Posts: 24

PostPosted: Mon May 12, 2003 1:53 pm    Post subject: Reply with quote

Well, you can always assign result to vars. Smile
_________________
Your ad here.
Back to top
View user's profile Send private message
aloner
Smarty Rookie


Joined: 24 Apr 2003
Posts: 24

PostPosted: Mon May 12, 2003 1:55 pm    Post subject: Reply with quote

boots wrote:
aloner, your post got me to thinking that it might be useful if there was a smarty provided function that allowed plugin developers to check if their input parameters are "safe" instead of relying on plugin writers to roll their own checks. It wouldn't remove all the checking that a plugin writer needs to do, but it can at least provide a common place where typical injections get scanned.

Just a thought.


The problem here is that we need to check for list of allowed math functions here, which is quite specific check. So there are just two cases, where it will be useful - math and s_math (and any future math functions). Smile
_________________
Your ad here.
Back to top
View user's profile Send private message
boots
Administrator


Joined: 16 Apr 2003
Posts: 5611
Location: Toronto, Canada

PostPosted: Mon May 12, 2003 2:19 pm    Post subject: Reply with quote

@aloner: You mean like passing the generic function a list of entries allowed by the plugin?
Back to top
View user's profile Send private message
boots
Administrator


Joined: 16 Apr 2003
Posts: 5611
Location: Toronto, Canada

PostPosted: Mon May 12, 2003 3:53 pm    Post subject: Reply with quote

@aloner:

I've been running tests of multiple math implementations and I have been doing general tests using your updated compiler plugin.

Since you've added the enhancements from the {math} plugin, your code is not behaving properly anymore. In particular, it is no longer a drop in replacement for {math}.

Can you please ensure that the posted code is accurate compared to your working code? If there are still problems after that, I will email you some test cases.
Back to top
View user's profile Send private message
aloner
Smarty Rookie


Joined: 24 Apr 2003
Posts: 24

PostPosted: Mon May 12, 2003 7:19 pm    Post subject: Reply with quote

Please mail me test cases.

aloner@telephone.ru
_________________
Your ad here.
Back to top
View user's profile Send private message
messju
Administrator


Joined: 16 Apr 2003
Posts: 3336
Location: Oldenburg, Germany

PostPosted: Mon Nov 24, 2003 8:52 am    Post subject: Reply with quote

i did a rainy-afternoon-boring-compiling-compiler-math-plugin yesterday.

[php:1:08b523b002]<?php

/**
* Smarty {math} compiler function plugin
*
* Type: compiler function<br>
* Name: math<br>
* Purpose: compute
* @link http://smarty.php.net/manual/en/language.function.math.php
* (Smarty online manual)
* @version 0.2
* @author messju mohr <messju@lammfellpuschen.de>
* @param array Format: array('equation' => string, ...)
* @param Smarty_Compiler
*/

function smarty_compiler_math($tag_args, &$compiler)
{

$_attrs = $compiler->_parse_attrs($tag_args);

/* check equation-attribute */
if (!isset($_attrs['equation'])) {
$compiler->_syntax_error('{math} missing equation-attribute');
return;
}

if (!preg_match('/\s*equation\s*=\s*('.$compiler->_qstr_regexp.')/s', $tag_args, $_match)) {
$compiler->_syntax_error('{math} equation-attribute has to be a constant string');
return;
}

$_equation = $compiler->_dequote($_match[1]);

/* save format-attribute */
if (isset($_attrs['format'])) {
$_format = $_attrs['format'];
unset($_attrs['format']);
} else {
$_format = null;
}

/* save assign-attribute */
if (isset($_attrs['assign'])) {
$_assign = $_attrs['assign'];
unset($_attrs['assign']);
} else {
$_assign = null;
}
unset($_attrs['equation']);

$_result = '';
/* handle optinal vars */
if (count($_attrs)>0) {
$_result .= '$__math_vars = array(';
$_equation = preg_replace('/\b('.implode('|', array_keys($_attrs)).')\b/', '$__math_vars.$1', $_equation);
$_sep = '';
foreach ($_attrs as $_key=>$_value) {
$_result .= "$_sep'$_key'=>$_value";
$_sep = ', ';
}
$_result .= ');';
}

/* compile equation */
$_code = $compiler->_compile_if_tag($_equation);
$_code = substr($_code, 10, -5);
$_code = str_replace('$this->_tpl_vars[\'__math_vars\']', '$__math_vars', $_code);


/* handle format-attribute */
if (isset($_format)) {
$_code = "sprintf($_format, $_code)";
}

/* handle assign-attribute */
if (isset($_assign))
$_result .= "\$this->assign($_assign, $_code);";
else {
$_result .= "echo $_code;";
}

if (count($_attrs)>0) {
$_result .= 'unset($__math_vars);';
}

return $_result;

}

/* vim: set expandtab: */

?>[/php:1:08b523b002]

the fun-part is parsing the equation: it uses the if-expression-parser. it should work with 2.5.0 and 2.6.0 at least. the idea is to use the same parsers for both {if} and {math} to ensure they follow the same syntax. i didn't test compatibility to the {math}-version of the distribution thoroughly. if somebody wants to test it's compatibility i'm interested in the results.

greetings
messju

[EDIT: fixed intermixed format and assign (copy+paste bug)]
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> Plugins All times are GMT
Goto page Previous  1, 2
Page 2 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP