Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am trying to execute PHP code in XML Below is the code is there better way of executing as we are using eval and far as I know it degrade the performance 80-85% as it is supposed to be used by browser.
function processing_instruction($inParser, $inTarget, $inCode) {
if ($inTarget === 'php') {
eval($inCode);
}
}
Is the code you are running so varied that it can’t be decided upon as a series of files to be included on demand or a XML-RPC style function call? There is generally very little to gain by allowing arbitrary code execution, and that’s before you consider the staggering amount you stand to lose.
If there is a finite, predictable number of things these files could possibly do, I would Strongly recommend taking the time to create a semi-generic XML-RPC interface (or at least a series of files that you could specify in the XML file and then include on-the-fly, perhaps after setting some environment variables, depending on your coding style) and using that.
The number of risks you take when creating a portal to
eval()are nigh innumerable.I had considered providing some examples here, but XML-RPC ought to be a well enough known concept that my doing so is altogether unnecessary.