eval
Differences
This shows you the differences between two versions of the page.
— | eval [2007/02/12 22:51] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ======Synopsis: | ||
+ | [[eval]] //< | ||
+ | |||
+ | ======Description: | ||
+ | [[Eval]] treats its arguments as a [[block statement|ircii_syntax]] and | ||
+ | executes it. Generally the only place you need to use [[eval]] is at the | ||
+ | input prompt. | ||
+ | as command statements that already expanded; | ||
+ | in your statement and have them substituted, | ||
+ | any way to do that. But the [[eval]] command provides for this. | ||
+ | |||
+ | This is the reason why using [[eval]] in a script is so dangerous. | ||
+ | command statements are expanded before the command is executed, it is | ||
+ | possible for dangerous text to be included in the argument list. You must | ||
+ | never pass to [[eval]] anything that contains text from an untrusted | ||
+ | source (ie, from the server) | ||
+ | |||
+ | But for a more concrete example, [[eval]] allows you to indirectly reference | ||
+ | variables, but only if you're careful about it: | ||
+ | |||
+ | if (1) { | ||
+ | @ variable = 'this is some text'; | ||
+ | @ indirect = ' | ||
+ | echo $indirect; | ||
+ | eval echo $indirect | ||
+ | }; | ||
+ | |||
+ | The output of these two echos are: | ||
+ | |||
+ | $variable | ||
+ | this is some text | ||
+ | |||
+ | Why does this work? Because ircII expands $'s in the command and then splits | ||
+ | it into a command and an argument: | ||
+ | |||
+ | eval echo $indirect | ||
+ | |||
+ | expands to: | ||
+ | |||
+ | eval echo $variable | ||
+ | |||
+ | and the [[eval]] command expands the arguments, and runs them: | ||
+ | |||
+ | " | ||
+ | |||
+ | becomes | ||
+ | |||
+ | " | ||
+ | |||
+ | and this results in the second line of output. | ||
+ | about this, because if you [[eval]] a string that comes from an untrusted | ||
+ | source, someone could take over your client. | ||
+ | |||
+ | on public * {eval echo $*} | ||
+ | |||
+ | Now consider if someone says "hi there!;exec rm -rf ~" | ||
+ | |||
+ | "eval echo $*" | ||
+ | |||
+ | becomes | ||
+ | |||
+ | "eval echo hi there!;exec rm -rf ~" | ||
+ | |||
+ | which becomes | ||
+ | |||
+ | " | ||
+ | |||
+ | If this occurs, epic will dutifully remove all your files. | ||
+ | Do not use [[eval]] without a very good reason! | ||
+ | |||
+ | ======History: | ||
+ | |||
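Review bot: the "on public * {eval echo $*}" example ends at the warning and never shows the same hook written safely. The Description already says eval is generally only needed at the input prompt, so add the handler without eval ("on public * {echo $*}") after "Do not use [[eval]] without a very good reason!" and say why it is safe: the message text is then expanded once, as the argument to echo, and is not expanded and run a second time the way the walkthrough above shows for eval. Minor wording point in the same hunk: "The output of these two echos are" should read "is".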
eval.txt · Last modified: 2007/02/12 22:51 by 127.0.0.1