MyBB Community Forums

Full Version: Display additional usergroups on threads.
(2013-08-01, 11:07 AM)Nathan Malcolm Wrote: [ -> ]
(2013-08-01, 10:38 AM)Cedric Wrote: [ -> ]Using EVAL to properly parse PHP VARS inside the $imghtml.

You don't need eval() for that. Double quotes expand variables.

Ow. Yeah mate you are right.

I just looked into echoing in single quotes & double quotes. Double quotes work fine!

Thanks mate :) learned something today :D

BTW, why then does MyBB use eval?
(2013-08-01, 11:36 AM)Cedric Wrote: [ -> ]
(2013-08-01, 11:07 AM)Nathan Malcolm Wrote: [ -> ]
(2013-08-01, 10:38 AM)Cedric Wrote: [ -> ]Using EVAL to properly parse PHP VARS inside the $imghtml.

You don't need eval() for that. Double quotes expand variables.

Ow. Yeah mate you are right.

I just looked into echoing in single quotes & double quotes. Double quotes work fine!

Thanks mate :) learned something today :D

BTW, why then does MyBB use eval?

Single or double quotes work fine as long as you "escape" correctly. Just because MyBB uses something doesn't necessarily mean it's correct or best practice.
@Jambuster,

SINGLE QUOTES don't work. I just TESTED it.

Also, it has been clarified earlier BY A SENIOR MYBB DEVELOPER (I believe, Ryan Gordon, don't remember properly) that using eval is completely safe.
It is written on php.net "The eval() language construct is very dangerous because it allows execution of arbitrary PHP code" (Pay attention to the bold line)

So I think we can conclude that IF WE HAVE MADE A PROPER CODE, then using eval is not that dangerous.
(2013-08-01, 11:55 AM)Cedric Wrote: [ -> ]@Jambuster,

SINGLE QUOTES don't work. I just TESTED it.

Also, it has been clarified earlier BY A SENIOR MYBB DEVELOPER (I believe, Ryan Gordon, don't remember properly) that using eval is completely safe.
It is written on php.net "The eval() language construct is very dangerous because it allows execution of arbitrary PHP code" (Pay attention to the bold line)

So I think we can conclude that IF WE HAVE MADE A PROPER CODE, then using eval is not that dangerous.

I thought that was obvious? Of course it can be made safe if you know what you're doing. My point is you were using EVAL where it was not needed. There's no point in "concluding" something if you're just pulling information from sites like php.net and still don't understand it.

Here's a test for you lol, it's a variable that is used to store a message in a database from a user input. Is this dangerous or not? If it is dangerous, why?
<input type="text" value="{$post['message']}" />
It may be dangerous if you have not sanitized properly.
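
Added example, not part of the thread and not MyBB's own code: the input from the question above rendered once with raw double-quote interpolation (no eval() needed) and once with the value passed through htmlspecialchars(). The function names and the sample message are constructed for illustration.

```php
<?php
// Added example, not code from the thread or from MyBB. Function names are hypothetical.

// Raw interpolation, as in the snippet from the thread. Double quotes expand
// {$post['message']} by themselves; eval() is not involved.
function render_raw(array $post): string
{
    return "<input type=\"text\" value=\"{$post['message']}\" />";
}

// Same markup with the value encoded for an HTML attribute. ENT_QUOTES encodes
// both " and ', so the stored text cannot close the attribute.
function render_escaped(array $post): string
{
    $value = htmlspecialchars($post['message'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type=\"text\" value=\"{$value}\" />";
}

// Parse the output as HTML and check that it is exactly one <input> whose
// value is the stored text, with no extra nodes beside it.
function value_round_trips(string $html, string $expected): bool
{
    libxml_use_internal_errors(true);   // tolerate fragment-level parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<body>' . $html . '</body>');
    $body = $doc->getElementsByTagName('body')->item(0);
    $inputs = $doc->getElementsByTagName('input');

    return $body !== null
        && $body->childNodes->length === 1
        && $inputs->length === 1
        && $inputs->item(0)->getAttribute('value') === $expected;
}

// Constructed sample: a message as a user could have stored it in the database.
$post = ['message' => 'nice plugin"><b>injected markup</b>'];

foreach (['raw' => render_raw($post), 'escaped' => render_escaped($post)] as $name => $html) {
    echo $name, ': ', $html, PHP_EOL;
    echo '  value round-trips: ', var_export(value_round_trips($html, $post['message']), true), PHP_EOL;
}
```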