Non-eval'd code inside eval'd code?

juschillin

Hi,

I am writing a simple script for a client that pulls in their Wordpress blog into their site which uses MODx.

That is not necessarily important to know, except that MODx, seems to EVAL() my Wordpress module.

Easy right? Well, it was until I realized that their Wordpress blog contains php code.

One string in my code is this:

$content = $feeditem->getElementsByTagName('encoded')->item(0)->nodeValue;

And that is the line that gives me trouble. It returns the content of a particular post. Some of which contain php code.

I have tried htmlentities; I've tried eval'ing (which won't work because there is more than just php code); I've tried addslashes.

How do I get the contents of this string and have the eval() which MODx uses ignore this string as php code? Perhaps somehow just see it a raw text?

Thanks, hope that makes sense.

sneakyimp

Perhaps you could give us some idea of what is stored in the var $content? Also, what are you trying to accomplish? Why would you want to eval it? Do you want to remove it? What's the goal here? What was wrong with eval'ing or htmlentities or addslashes?

johanafm

You probably need to take care of escaping wrapping it in string delimiters and escaping those same delimiters in the string.

	$str = 'eval(\'echo "stuff";\');';

$eval_this = "echo $str";
echo 'eval('.$eval_this.')<br/>';
eval($eval_this);

$eval_that = 'echo "'.str_replace('"', '\"',($str)).'";';
echo '<br/>eval('.$eval_that.')<br/>';
eval($eval_that);