Replace eval usage in request processing with new WP_MatchesMapRegex() class usage. See #9602 props hakre.

git-svn-id: http://svn.automattic.com/wordpress/trunk@11853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2025-01-22 16:21:26 +01:00 · 2009-08-20 20:09:36 +00:00 · 2009-08-20 20:09:36 +00:00 · 15d31d9644
commit 15d31d9644
parent d28c67315a
2 changed files with 93 additions and 3 deletions
--- a/wp-includes/classes.php
+++ b/wp-includes/classes.php
@ -214,9 +214,9 @@ class WP {

 					// Trim the query of everything up to the '?'.
 					$query = preg_replace("!^.+\?!", '', $query);
-
+										
 					// Substitute the substring matches into the query.
-					eval("@\$query = \"" . addslashes($query) . "\";");
+					$query = addslashes(WP_MatchesMapRegex::apply($query, $matches));

 					$this->matched_query = $query;

@ -1592,4 +1592,94 @@ class WP_Ajax_Response {
 	}
 }

+/**
+ * Helper class to remove the need to use eval to replace $matches[] in query strings.
+ * 
+ * @since 2.9.0
+ */
+class WP_MatchesMapRegex {
+	/**
+	 * store for matches
+	 * 
+	 * @access private
+	 * @var array
+	 */
+	var $_matches;
+	
+	/**
+	 * store for mapping result
+	 * 
+	 * @access public
+	 * @var string
+	 */
+	var $output;
+	
+	/**
+	 * subject to perform mapping on (query string containing $matches[] references
+	 * 
+	 * @access private
+	 * @var string
+	 */
+	var $_subject;
+	
+	/**
+	 * regexp pattern to match $matches[] references 
+	 * 
+	 * @var string
+	 */
+	var $_pattern = '(\$matches\[[1-9]+[0-9]*\])'; // magic number
+	
+	/**
+	 * constructor
+	 * 
+	 * @param string $subject subject if regex
+	 * @param array  $matches data to use in map
+	 * @return self
+	 */						
+	function WP_MatchesMapRegex($subject, $matches) {
+		$this->_subject = $subject;
+		$this->_matches = $matches;
+		$this->output = $this->_map();				
+	}
+	
+	/**
+	 * Substitute substring matches in subject.
+	 * 
+	 * static helper function to ease use
+	 * 
+	 * @access public
+	 * @param string $subject subject
+	 * @param array  $matches data used for subsitution
+	 * @return string
+	 */
+	function apply($subject, $matches) {
+		$oSelf =& new WP_MatchesMapRegex($subject, $matches);
+		return $oSelf->output;																
+	}
+	
+	/**
+	 * do the actual mapping 
+	 * 
+	 * @access private
+	 * @return string
+	 */
+	function _map() {
+		$callback = array(&$this, 'callback');
+		return preg_replace_callback($this->_pattern, $callback, $this->_subject);
+	}
+	
+	/**
+	 * preg_replace_callback hook
+	 * 
+	 * @access public
+	 * @param  array $matches preg_replace regexp matches
+	 * @return string
+	 */
+	function callback($matches) {
+		$index = intval(substr($matches[0], 9, -1));
+		return ( isset( $this->_matches[$index] ) ? $this->_matches[$index] : '' );
+	}
+	
+}
+
 ?>
--- a/wp-includes/rewrite.php
+++ b/wp-includes/rewrite.php
@ -299,7 +299,7 @@ function url_to_postid($url) {
 			$query = preg_replace("!^.+\?!", '', $query);

 			// Substitute the substring matches into the query.
-			eval("\$query = \"" . addslashes($query) . "\";");
+			$query = addslashes(WP_MatchesMapRegex::apply($query, $matches));
 			// Filter out non-public query vars
 			global $wp;
 			parse_str($query, $query_vars);