Topic: Code without "Evil"  (Read 710 times)
NorHei
Forum administrator
« on: November 24, 2011, 10:19:51 AM »

German thread is here:
http://www.websitebaker2.org/forum/index.php/topic,22866.0.html

"Eval is evil"

So I made a Code module that runs without using "eval". Basically it creates files from all code sections entered into the database. So you can include these files instead of using eval() to process them.
Some of the side effects are that the code should be processed much faster and that it's quite a bit more safe. In addition I removed the "<?php ?>" filter, so you can now use PHP-based templates or HTML or JavaScript stuff in your Code module.

Here you can download version 5.1 for testing:
http://my-baker.net/pages/downloads.php

The temporary files are created the first time the page is called and deleted when the page is edited.
The module should be 100% compatible with the old module as the data is stored in the same database.

Have Fun
« Last Edit: November 24, 2011, 10:31:41 AM by NorHei »

It is easier to change the specification to fit the program than vice versa.
pcwacht
AddOn Development
« Reply #1 on: November 24, 2011, 11:55:48 AM »

Clever idea!!

Could something like this be done with droplets, I wonder...

John

http://www.ictwacht.nl = Dutch ICT info
http://www.pcwacht.nl = My first
both still work in progress, since years.....
NorHei
Forum administrator
« Reply #2 on: November 24, 2011, 12:05:24 PM »

That's the next step :)

It is easier to change the specification to fit the program than vice versa.
Ruud
WebsiteBaker Org e.V.

« Reply #3 on: November 24, 2011, 12:12:19 PM »

Sorry, I don't get it.

Eval is evil, but only when there is user input sent to eval().
If you would consider the input in the WB backend as "user input" then it can be called a risk. (tip: do not allow webmasters to edit code pages)

The "solution" given here does exactly the same as eval().
It takes the input php code and just executes the code just like eval() would have done.

If I would write in a code page a database query to drop all tables, it does not matter if this command is executed by including it into the running view.php or by eval(). It will do the same thing.

Professional WebsiteBaker Solutions
NorHei
Forum administrator
« Reply #4 on: November 24, 2011, 12:48:31 PM »

You are right, basically the code module is insecure by design, but the main reason for me to remove eval was that it's slow like hell and cannot be cached by a server-based opcode cache.

"Eval is evil" is a common statement on many PHP boards and discussions, so it's just a nice title.

Another thing is that eval has a few bugs in several older PHP versions and sometimes can be abused, but that's only a minor reason.
Btw, still many people say that eval is evil anyway and using eval is really bad coding style.

It is easier to change the specification to fit the program than vice versa.
pcwacht
AddOn Development
« Reply #5 on: November 24, 2011, 01:33:43 PM »

And it enhances the code use.

Since it is included, the variables etc. are usable even after the included code, which still is a major difference with evaled code or the even bigger different way droplets handles it.

Also a nice side effect is the usability of plain HTML etc., no more echo-ing.

I really do like it, did I say this before? :)

John

http://www.ictwacht.nl = Dutch ICT info
http://www.pcwacht.nl = My first
both still work in progress, since years.....
NorHei
Forum administrator
« Reply #6 on: November 24, 2011, 03:09:04 PM »

Quote
Would that make the Code2 module obsolete?
Do you also have a switch for big and small as far as the content height is concerned?

In the German thread someone stated that he is missing the small/big code field from Code2, especially if using many blocks on one page.

Personally I really like the Edit Area editor, basic code offers. But I never liked the separation of HTML, PHP, JavaScript and comments. Personally I prefer having everything in one field.

To me it seems to be a good idea to have the option to use the editor or not stored in each page, and I like the idea of adding the small/big option. What do you people think?

It is easier to change the specification to fit the program than vice versa.
Argos
Moderator
« Reply #7 on: November 24, 2011, 04:23:50 PM »

The eval discussion is abracadabra for me, but I do like the small/big option in the Code2 module. I wished WYSIWYG fields had that option 2 as well, as sections sometimes contain just a little content.
« Last Edit: November 24, 2011, 04:51:18 PM by Argos »

Jurgen Nijhuis
Argos Media
Heiloo, The Netherlands
WB Showcase: http://www.mywebsitebaker.com/pages/showcase.php?v&category_id=1242&count=30
----------------------------------------------------------------
Please don't request personal support, use the forums!
Stefek
WebsiteBaker Org e.V.

« Reply #8 on: November 24, 2011, 04:46:06 PM »

as sections sometimes contain just a little content.
Yes, right.
Sometimes as little as just a droplet call.

:P

Kind regards,
Stefek

"In a time of universal deceit, telling the truth becomes a revolutionary act."
- George Orwell, Nineteen eighty-four (1984)
Tez Oner

« Reply #9 on: November 24, 2011, 05:55:48 PM »

'Updated' code module and got this message in frontend on page:

Code:
Modul Code: Cannot access/create directory /temp/modules/code
Cannot access datafile: demosite.vanallerlei.com/temp/modules/code/section_41.php.inc

Cheerz,

Tez

Tez | vanAllerlei
--------------------------------
Media • Design • Strategy
NorHei
Forum administrator
« Reply #10 on: November 24, 2011, 06:23:10 PM »

Normally that indicates that you don't have write access to the /temp folder, or maybe deleted the temp folder accidentally.

It is easier to change the specification to fit the program than vice versa.
NorHei
Forum administrator
« Reply #11 on: December 15, 2011, 11:47:29 AM »

New Version 5.2:
http://my-baker.net/pages/downloads.php

According to the German thread, the last version was not functional with multiple sections.
There was an "include_once" in a place where it should be an "include".
This one fixes the problem.

It is easier to change the specification to fit the program than vice versa.
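
The approach discussed in this thread, as an added example that is not the module's own code: a section's code is written once to a cache file, run with include, and the file is removed when the page is edited. The function names, the demo directory and the sample section are assumptions; as Ruud points out, the included code runs with the same rights as it would under eval(), and the last lines show the general include versus include_once difference behind the kind of fix described in Reply #11.

```php
<?php
// Added illustration: function names and paths are hypothetical, not the module's code.

// Write a section's stored code to its cache file unless the file already exists.
function cache_section(string $cacheDir, int $sectionId, string $code): string
{
    if (!is_dir($cacheDir) && !mkdir($cacheDir, 0700, true)) {
        throw new RuntimeException("Cannot access/create directory $cacheDir");
    }
    $file = "$cacheDir/section_$sectionId.php.inc";
    if (!is_file($file)) {
        // Write under a temporary name, then rename, so a parallel request
        // never includes a half-written file.
        $tmp = tempnam($cacheDir, 'sec');
        file_put_contents($tmp, $code);
        rename($tmp, $file);
    }
    return $file;
}

// Execute a cached section and return what it printed.
function render_section(string $file, bool $once = false): string
{
    ob_start();
    if ($once) {
        include_once $file; // skipped when this file already ran in this request
    } else {
        include $file;      // runs on every call
    }
    return ob_get_clean();
}

// Called when the page is edited: remove the stale cache file.
function invalidate_section(string $cacheDir, int $sectionId): void
{
    $file = "$cacheDir/section_$sectionId.php.inc";
    if (is_file($file)) {
        unlink($file);
    }
}

// Constructed sample: one section mixing HTML and PHP, rendered three times.
$dir  = sys_get_temp_dir() . '/code_demo_' . getmypid();
$file = cache_section($dir, 41, "<p>Sum: <?php echo 1 + 1; ?></p>\n");
echo render_section($file);             // include executes the section
echo render_section($file);             // include executes it a second time
var_dump(render_section($file, true));  // include_once: already included, nothing runs
invalidate_section($dir, 41);
rmdir($dir);
```

The cache directory holds executable PHP, so it should be writable only by the account PHP runs under.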