I just found that the skin engine I wrote to power my blog has a fatal flaw in its
if/
else parsing regex. I tried nesting some
if statements and it used the wrong corresponding
endif statement,
which was very bad... I've been looking at the regex for a while now,
and I think I'm going to have to rewrite that entire portion of the skin
engine without regexes, because I think I'd need an infinitely nested
regex to properly do what that code needs to do, and such a regex is,
naturally, impossible. Oh well, back to the drawing board.
(the regex that's ruining my fun)I also just had fun writing a replacement for the built-in PHP
parse_ini_file() function because the host for
the OpenBoard site changed
some Safe Mode settings and made the aforementioned builtin unusable.
The replacement was relatively easy to write, but I've got to wonder,
what about parse_ini_file() makes it such a security risk that Safe Mode
would disable it?
For the PHP inclined, this is the replacement I came up with.
<?php
function parse_ini_file_userspace($filename, $process_sections = FALSE)
{
$section = NULL;
$return = array();
$const = get_defined_constants();
$file = file($filename);
foreach($file as $i => $line)
{
$line = trim($line);
if(strlen($line) === 0)
continue;
if(substr($line, 0, 1) == "[" && substr($line, -1, 1) == "]")
{
if($process_sections)
{
if($section_name !== NULL) // new section, add the old one to the return array
$return[$section_name] = $section;
$section_name = substr($line, 1, strlen($line) - 2);
$section = array();
}
continue;
}
list($lvalue,$rvalue) = explode("=", $line, 2);
$lvalue = trim($lvalue);
$rvalue = trim($rvalue);
if($rvalue == "true" || $rvalue == "yes")
$rvalue = 1;
if($rvalue == "false" || $rvalue == "no" || $rvalue == "null")
$rvalue = "";
if(in_array($rvalue, array_keys($const)))
$rvalue = $const[$rvalue];
if(substr($rvalue, 0, 1) == "\"" && substr($rvalue, -1, 1) == "\"")
$rvalue = substr($rvalue, 1, strlen($rvalue) - 2);
if($process_sections)
$section[$lvalue] = $rvalue;
else
$return[$lvalue] = $rvalue;
}
// add the last section to the return array
if($process_sections)
{
// no section was ever defined, return as if $process_sections had been FALSE
if($section_name === NULL)
$return = $section;
else
$return[$section_name] = $section;
}
return $return;
}
?>
There are
some minor issues, such as the fact that it doesn't follow the strict
requirements the builtin places on the variables. For instance, using
double quotes around a value with non-alphanumeric characters
is unneccessary, because my code will pick it all up regardless, and
the variable name can have any values you want - the code doesn't
care whether it's a valid name for a PHP variable.
