1: <?php
2:
3: /**
4: * This variable parser uses PHP's internal code engine. Because it does
5: * this, it can represent all inputs; however, it is dangerous and cannot
6: * be used by users.
7: */
8: class HTMLPurifier_VarParser_Native extends HTMLPurifier_VarParser
9: {
10:
11: protected function parseImplementation($var, $type, $allow_null) {
12: return $this->evalExpression($var);
13: }
14:
15: protected function evalExpression($expr) {
16: $var = null;
17: $result = eval("\$var = $expr;");
18: if ($result === false) {
19: throw new HTMLPurifier_VarParserException("Fatal error in evaluated code");
20: }
21: return $var;
22: }
23:
24: }
25:
26: // vim: et sw=4 sts=4
27: