From: <au...@in...> - 2007-01-26 00:01:02
Christian Weiske wrote:
> The current implementation makes it IMO not possible to close the hole
> fully.
Why not extract all function calls from the string and compare them with
an array of allowed functions, e.g.:
    preg_match_all('/\s([A-Z0-9_]+)\(/i', $evalstr, $matches);
    if (array_diff($matches[1], $allowedFuncs)) {
        // denied function call
    }
I admit it's a bit quick and dirty (maybe ""-enclosed strings should also be
extracted from $evalstr first), but it should work, as I understand the
problem...
Sören
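
A token-based form of the allowlist check suggested above, as an added example that is not part of the original message or the project's code: it walks PHP's tokenizer output so that quoted strings are skipped, and besides named calls it also rejects dynamic calls, backticks and eval/include/require/new. $evalstr and $allowedFuncs follow the post; disallowedCalls() and the sample strings are constructed for illustration.

```php
<?php
// Added example, not code from the thread. $evalstr and $allowedFuncs follow
// the post; disallowedCalls() and the sample strings are constructed.

function disallowedCalls(string $evalstr, array $allowedFuncs): array
{
    $allowed = array_map('strtolower', $allowedFuncs); // function names are case-insensitive
    $skip    = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    // Constructs that run or load code without the name(...) shape.
    $always  = [T_EVAL, T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE, T_NEW];
    // Name tokens; the T_NAME_* ones exist only on PHP 8, so compare by token name.
    $names   = ['T_STRING', 'T_NAME_QUALIFIED', 'T_NAME_FULLY_QUALIFIED', 'T_NAME_RELATIVE'];

    $denied = [];
    $prev   = null; // last significant token seen
    foreach (token_get_all('<?php ' . $evalstr) as $tok) {
        if (is_array($tok) && in_array($tok[0], $skip, true)) {
            continue;
        }
        if ($tok === '`') {
            $denied[] = '`';
        } elseif (is_array($tok) && in_array($tok[0], $always, true)) {
            $denied[] = strtolower($tok[1]);
        } elseif ($tok === '(' && is_array($prev) && in_array(token_name($prev[0]), $names, true)) {
            $name = strtolower(ltrim($prev[1], '\\'));
            if (!in_array($name, $allowed, true)) {
                $denied[] = $name;
            }
        } elseif ($tok === '(' && ($prev === ')' || $prev === ']' || $prev === '}'
                || (is_array($prev) && in_array($prev[0], [T_VARIABLE, T_CONSTANT_ENCAPSED_STRING], true)))) {
            $denied[] = '(dynamic call)'; // callee is computed at run time, so it cannot be checked by name
        }
        $prev = $tok;
    }
    return array_values(array_unique($denied));
}

$allowedFuncs = ['strlen', 'trim', 'strtoupper'];
$samples = [                                  // constructed inputs
    'strlen(trim($name)) > 3',
    'strtoupper("call exec( later")',         // text inside a string literal is not a call
    'unlink($path)',
    '$fn($arg)',
];
foreach ($samples as $evalstr) {
    $denied = disallowedCalls($evalstr, $allowedFuncs);
    echo $evalstr, ' => ', $denied ? 'denied: ' . implode(', ', $denied) : 'ok', PHP_EOL;
}
```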