Site Tools


eval
no way to compare when less than two revisions

Differences

This shows you the differences between two versions of the page.


eval [2007/02/12 22:51] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +======Synopsis:======
 +[[eval]] //<block>//
 +
 +======Description:======
 +[[Eval]] treats its arguments as a [[block statement|ircii_syntax]] and
 +executes it.  Generally the only place you need to use [[eval]] is at the 
 +input prompt.  Normally the commands you type at the input prompt are treated 
 +as command statements that already expanded;  If you wish to put $-expandos
 +in your statement and have them substituted, you would not ordinarily have
 +any way to do that.  But the [[eval]] command provides for this.
 +
 +This is the reason why using [[eval]] in a script is so dangerous.  Because
 +command statements are expanded before the command is executed, it is 
 +possible for dangerous text to be included in the argument list.  You must
 +never pass to [[eval]] anything that contains text from an untrusted 
 +source (ie, from the server)
 +
 +But for a more concrete example, [[eval]] allows you to indirectly reference
 +variables, but only if you're careful about it:
 +
 + if (1) {
 +    @ variable = 'this is some text';
 +    @ indirect = '$variable';
 +    echo $indirect;
 +    eval echo $indirect
 + };
 +
 +The output of these two echos are:
 +
 + $variable
 + this is some text
 +
 +Why does this work?  Because ircII expands $'s in the command and then splits
 +it into a command and an argument:
 +
 + eval echo $indirect
 +
 +expands to:
 +
 + eval echo $variable
 +
 +and the [[eval]] command expands the arguments, and runs them:
 +
 + "eval" + "echo $variable"
 +
 +becomes
 +
 + "eval" + "echo this is some text"
 +
 +and this results in the second line of output.  You have to be very careful
 +about this, because if you [[eval]] a string that comes from an untrusted
 +source, someone could take over your client.  Consider this:
 +
 + on public * {eval echo $*}
 +
 +Now consider if someone says "hi there!;exec rm -rf ~"
 +
 + "eval echo $*"
 +
 +becomes
 +
 + "eval echo hi there!;exec rm -rf ~"
 +
 +which becomes
 +
 + "eval" + "echo hi there!;exec rm -rf ~"
 +
 +If this occurs, epic will dutifully remove all your files.  **BE CAREFUL!**
 +Do not use [[eval]] without a very good reason!
 +
 +======History:======
 +
  
eval.txt · Last modified: 2007/02/12 22:51 by 127.0.0.1