fields['source'] = 'longstring';
$this->fieldMapping = $this->field_mapping($this->fields);
}
function editor(){
if($this->source == '') $this->source = '//tableau des données du précédent élement'.PHP_EOL.'return $data; ';
$html = ' - Données disponibles dans $data, filtres dans $filters
Exécuter
';
return $html;
}
function preview($data = array(),$filters = array()){
$response = array('data'=>array());
ob_start();
$source = html_entity_decode($this->source,ENT_QUOTES);
$forbidden = self::forbidden($source);
if(count($forbidden)!=0) throw new Exception("Mot clés interdits: ".implode(',',$forbidden));
eval('$method = function($data,$filters){'.$source.'};');
$output = ob_get_clean();
if($output!='') throw new Exception(strip_tags($output));
$response['data'] = $method($data,$filters);
return $response;
}
//Fonction de sécurisation du eval, evite toutes les fonctions non spécifiées ci dessous et toutes les intrcutions type include, class...
public static function forbidden($source){
$ignore_terms = array();
////Ajoute des fonctions autorisées dans les traitements statistiques ex : $ignore_terms[] = 'Plugin::need'; $ignore_terms[] = 'Business::amount';
Plugin::callHook('statistic_allowed_macro',array(&$ignore_terms));
$source = str_replace($ignore_terms,'',$source);
$tokens = token_get_all('');
$forbiddens = array();
$allowed_functions_generic = array(
'ucfirst',
'strto.*',
'str_.*',
'date',
'intval',
'count',
'time',
'array_.*',
'base64_*',
'.sort',
'asort',
'sort',
'addslashes',
'json_decode',
'json_encode',
'implode',
'explode',
'utf8_decode',
'utf8_encode',
'html_entity_decode',
'htmlspecialchars',
'strip_tags',
'is_null',
'is_int',
'substr',
'max',
'true',
'false',
'null',
'strlen',
'round',
'in_array',
'is_numeric'
);
$allowed_functions_specific = array(
'__ROOT__',
'PLUGIN_PATH',
'SLASH',
'html_decode_utf8',
'Dictionary',
'fullName',
'loadAll',
'getById',
'bySlug',
'slugToArray',
'id',
'label',
'value',
'color',
'Partner',
'Product',
'number_format',
'display_price',
'ranking',
'function'
);
$allowed_functions = array_merge($allowed_functions_generic, $allowed_functions_specific);
foreach($tokens as $i=>$token){
if(is_string($token))continue;
list($id, $text,$line) = $token;
if(in_array($id, array(T_FUNCTION,T_FUNC_C,T_EVAL,T_STRING))){
$allowed = false;
foreach ($allowed_functions as $function) {
preg_match('/'.$function.'/i', $text, $matches);
if(count($matches)!=0){
$allowed = true;
break;
}
}
if(!$allowed) $forbiddens[] = $text.' L'.$line.token_name($id);
}
if(in_array($id, array(
T_INCLUDE,
T_EXTENDS,
T_CLONE,
T_EXIT,
T_GLOBAL,
T_HALT_COMPILER,
T_IMPLEMENTS,
T_INCLUDE_ONCE,
T_REQUIRE,
//T_REQUIRE_ONCE,
T_IMPLEMENTS
)
)){
$forbiddens[] = $text.' L'.$line;
}
}
return $forbiddens;
}
}
?>