I am working with a system in which all PHP code is stored in a database so that it can be changed dynamically. The code itself works perfectly when it is displayed as part of the page, but when the same code is called via AJAX it returns a 500 error. I have already tried enabling display_errors, no dice. It all comes down to the eval statement: if it is there I get the 500 error, if it is not, the script runs fine.
<?php
global $objPDO;
// Snippet name and snippet variables are both taken straight from the request.
$objSnippet = $_REQUEST["snippetname"];
$objVariables = $_REQUEST["snippetvariables"];
//var_dump($objPDO);
if ($objSnippet == "XHubDiscussion") {
    $objPDOStatement = $objPDO->prepare("SELECT snippet FROM modx_site_snippets WHERE name = :name LIMIT 1");
    $objPDOStatement->bindParam(":name", $objSnippet, PDO::PARAM_STR);
    if ($objPDOStatement->execute()) {
        $arrSnippet = $objPDOStatement->fetch(PDO::FETCH_ASSOC);
        // Imports the request-supplied variables into the current scope.
        extract($objVariables);
        //var_dump($arrSnippet);
        // Runs the stored snippet source. eval() returns FALSE on a parse error
        // in PHP 5; PHP 7 and later throw ParseError instead.
        if (FALSE === eval($arrSnippet["snippet"])) {
            var_dump("dis also be ronk");
        }
    } else {
        var_dump("Ronk!");
    }
}
?>
Yes, I have triple-checked everything else; if the eval is commented out it behaves completely normally. The code that gets executed:
<?php
require_once($_SERVER["DOCUMENT_ROOT"] . "/assets/snippets/xhub/xhub.snippet.php");
global $arrXHubUserCollection;
$objXHubS = new xHub\security;
// $modx is the MODX request object, present where MODX renders the page.
$intPageID = $modx->documentIdentifier;
// $intXHubPageID and $intXHubPosttime are expected to come from the caller's extract().
if (isset($intXHubPageID)) {
    $intPageID = (int)$intXHubPageID;
}
$arrXHubThread = $objXHubS->DiscussionGetThreads(array($intPageID));
$arrMessageFetch = array((int)$arrXHubThread[0]["id"]);
if (isset($intXHubPosttime)) {
    $arrMessageFetch[] = (int)$intXHubPosttime;
}
$arrXHubMessages = $objXHubS->DiscussionGetMessages($arrMessageFetch);
$arrXHubUserGroupRelation = $objXHubS->DashboardMessageControl("UserGetGroupRelationship", array());
$strPageViewer = '<div class="clear XHubPageViewer" style="padding:10px;"></div>';
if (!isset($intXHubPosttime)) {
    echo XHubTraverseMessages($arrXHubThread, false);
    echo $strPageViewer;
    echo '<div id="XHubConversation">';
}
echo XHubTraverseMessages($arrXHubMessages, true);
if (!isset($intXHubPosttime)) {
    echo '</div>';
    echo $strPageViewer;
    if (is_array($arrXHubUserGroupRelation)) {
        echo '<div class="EPcomment XHubEditField" style="position:inline;z-index:1000;display:block;border-radius:10px;border:1px solid #C7D7D3;background-color:#DEEBE8;margin:0px;padding:0px;">
<div>
<a onclick="XHubMessageEditor(this.parentNode.parentNode);" href="javascript:;" class="ButtonYellowSmall">Bearbeiten!</a>
</div>
<div>
<textarea style="width:97%;"></textarea>
</div>
</div>';
    }
}
// Renders a list of messages, caching each author's record in $arrXHubUserCollection.
function XHubTraverseMessages ($arrMessages, $blnXHubComment) {
    global $arrXHubUserCollection, $objXHubS;
    $strMessageAssembly = "";
    foreach ($arrMessages as $arrMessage) {
        $intXHubUserID = (int)$arrMessage["postid"];
        if (!isset($arrXHubUserCollection[$intXHubUserID])) {
            $arrXHubUser = $objXHubS->DashboardRetrieve(array($intXHubUserID));
            $arrXHubUser["username"][0] = $objXHubS->UserGetNameFromID($intXHubUserID);
            $arrXHubUser["userid"][0] = $intXHubUserID;
            $arrXHubUserCollection[$intXHubUserID] = $arrXHubUser;
        }
        $strMessageAssembly .= XHubCreateMessageField($arrMessage, $arrXHubUserCollection[$intXHubUserID], $blnXHubComment);
    }
    return $strMessageAssembly;
}
// Builds the HTML for one message (thread opener or comment) plus its author box.
function XHubCreateMessageField ($arrMessage, $arrUser, $blnXHubComment) {
    $strXHubDebatArrow = '<div class="DebatArrow"> </div>';
    $strXHubCommentArrow = '<div class="EPcommentArrow"> </div>';
    $strXHubThreadBox = '<div class="BoxGreen width500 right Debatbox MessageField">';
    $strXHubCommentBox = '<div class="EPcomment BoxGray MessageField"><p class="lefttop">Antwort</p>';
    $strXHubMessageContainer = '<div class="clear' . ($blnXHubComment ? " XHubMessages" : " XHubInitThread") . '" id="' . $arrMessage["id"] . ($blnXHubComment ? "" : "D") . '">';
    $strXHubMessage = ($blnXHubComment ? $strXHubCommentBox : $strXHubThreadBox) .
        '<div class="XHubPostTime" style="display:none">' . $arrMessage["posttime"] . '</div>' .
        '<p class="righttop">' . date("d-m-Y", $arrMessage["posttime"]) . ' um ' . date("H:i", $arrMessage["posttime"]) . ' Uhr</p>' .
        '<p class="message">' . $arrMessage["message"] . '</p>'
        . ($blnXHubComment ? $strXHubCommentArrow : $strXHubDebatArrow ) .
        '</div>';
    $strXHubUser = '
<div class="epUser">
<p class="username"><a href="expertenpanel/benutzer/' . $arrUser["username"][0] . '" target="_blank">' . $arrUser["username"][0] . '</a></p>
<img class="profilbild" src="' . $arrUser["imglink"][0] . '" />
[[getExpertenInfo? &userID=`' . $arrUser["userid"][0] . '` &type=`logo`]]
<p class="userinfo">
<span class="status">[[getExpertenInfo? &userID=`' . $arrUser["userid"][0] . '` &type=`status`]]</span>
[[getExpertenInfo? &userID=`' . $arrUser["userid"][0] . '` &type=`showPunkte`]]
</p>
</div>
';
    $strXHubMessageContainer .= ($blnXHubComment ? $strXHubMessage . $strXHubUser : $strXHubUser . $strXHubMessage);
    $strXHubMessageContainer .= '</div>';
    return $strXHubMessageContainer;
}
?>
Answer 0 (score: 2)
This is an old question, but hopefully it can help someone. All code that is to be eval'd must be escaped and quoted, like this:
@eval("\$varA = \"$varB\";");
It will fail if it looks like the following:
@eval("\$varA = $varB;");
As PHP.net says, using "eval" is dangerous, so unless it is really needed, make sure you do not use it.
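An added example, written for this page and not code from the question, the answer, or MODX, showing the two things the thread circles around: how to get a readable message out of a failing eval() instead of a bare 500, and how to hand request variables to a stored snippet without extract(). The snippet store, the snippet names and the request data below are constructed stand-ins for the modx_site_snippets table and the AJAX calls. One point about the question's code: extract($objVariables) on request data, with its default EXTR_OVERWRITE behaviour, lets the caller set any variable in that scope, including $arrSnippet, immediately before eval($arrSnippet["snippet"]) runs; the example passes the variables as a single array instead.

```php
<?php
// Added example (not from the question, the answer, or MODX): run a snippet
// fetched from a database-style store, report eval() failures as readable
// errors, and pass request variables explicitly instead of extract()-ing them.
declare(strict_types=1);

// Constructed stand-in for the modx_site_snippets table (name => PHP source).
// 'Broken' has a deliberate syntax error; 'Undefined' relies on a $modx object
// that exists when MODX renders a page but not in a bare AJAX entry point.
const SNIPPET_STORE = [
    'Greeting'  => 'return "Hello, " . htmlspecialchars($vars["name"] ?? "world", ENT_QUOTES, "UTF-8") . "!";',
    'Broken'    => 'return "missing semicolon"',
    'Undefined' => 'return $modx->documentIdentifier;',
];

/**
 * Execute one stored snippet and report the outcome instead of dying.
 * Returns ['ok' => bool, 'output' => string, 'error' => ?string].
 */
function runSnippet(array $store, string $name, array $vars): array
{
    // Allow-list check: the name only selects an array key; it is never built into code.
    if (!array_key_exists($name, $store)) {
        return ['ok' => false, 'output' => '', 'error' => "unknown snippet '$name'"];
    }

    // Promote notices and warnings raised inside the snippet to exceptions,
    // so they are reported rather than silenced the way @eval() would.
    set_error_handler(static function (int $no, string $msg, string $file, int $line): bool {
        throw new ErrorException($msg, 0, $no, $file, $line);
    });

    try {
        // A closure gives the snippet its own scope: it sees $vars (plus $store and
        // $name) and nothing else, so request data cannot clobber caller variables.
        $runner = static function (array $vars) use ($store, $name) {
            return eval($store[$name]);
        };
        return ['ok' => true, 'output' => (string) $runner($vars), 'error' => null];
    } catch (ParseError $e) {
        // PHP 7+: a syntax error in eval'd code throws ParseError. On PHP 5, eval()
        // returned false and the message went only to display_errors / the error log.
        return ['ok' => false, 'output' => '',
                'error' => 'parse error: ' . $e->getMessage() . ' on line ' . $e->getLine()];
    } catch (Throwable $e) {
        // Undefined variables, property reads on null, errors thrown by called code, etc.
        return ['ok' => false, 'output' => '', 'error' => get_class($e) . ': ' . $e->getMessage()];
    } finally {
        restore_error_handler();
    }
}

// Constructed requests, shaped like the AJAX calls in the question.
$requests = [
    ['snippetname' => 'Greeting',  'snippetvariables' => ['name' => '<b>Eve</b>']],
    ['snippetname' => 'Broken',    'snippetvariables' => []],
    ['snippetname' => 'Undefined', 'snippetvariables' => []],
    ['snippetname' => 'NotStored', 'snippetvariables' => []],
];

foreach ($requests as $req) {
    $res = runSnippet(SNIPPET_STORE, (string) $req['snippetname'], (array) $req['snippetvariables']);
    // In a real endpoint: log $res['error'], answer failures with
    // http_response_code(500) and a JSON body, and emit $res['output'] on success.
    printf("%-10s %s %s\n", $req['snippetname'], $res['ok'] ? 'OK ' : 'ERR',
        $res['ok'] ? $res['output'] : $res['error']);
}
```

Run it from the command line with php. On PHP 7 and later a syntax error in eval'd code surfaces as ParseError and other failures as Error or ErrorException, so the endpoint can log the real cause and still return a controlled 500 with a body; on PHP 5, eval() returned FALSE on a parse error and the details were visible only through display_errors or the error log, which is why a bare FALSE === eval(...) check, as in the question, tells you that the snippet failed but not why.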