eval

Differences

This shows you the differences between two versions of the page.

eval [2007/02/12 22:51] (current)
Line 1: Line 1:
 +======Synopsis:​======
 +[[eval]] //<​block>//​
 +
 +======Description:​======
 +[[Eval]] treats its arguments as a [[block statement|ircii_syntax]] and
 +executes it.  Generally the only place you need to use [[eval]] is at the 
 +input prompt. ​ Normally the commands you type at the input prompt are treated ​
 +as command statements that already expanded; ​ If you wish to put $-expandos
 +in your statement and have them substituted,​ you would not ordinarily have
 +any way to do that.  But the [[eval]] command provides for this.
 +
 +This is the reason why using [[eval]] in a script is so dangerous. ​ Because
 +command statements are expanded before the command is executed, it is 
 +possible for dangerous text to be included in the argument list.  You must
 +never pass to [[eval]] anything that contains text from an untrusted ​
 +source (ie, from the server)
 +
 +But for a more concrete example, [[eval]] allows you to indirectly reference
 +variables, but only if you're careful about it:
 +
 + if (1) {
 +    @ variable = 'this is some text';
 +    @ indirect = '​$variable';​
 +    echo $indirect;
 +    eval echo $indirect
 + };
 +
 +The output of these two echos are:
 +
 + $variable
 + this is some text
 +
 +Why does this work?  Because ircII expands $'s in the command and then splits
 +it into a command and an argument:
 +
 + eval echo $indirect
 +
 +expands to:
 +
 + eval echo $variable
 +
 +and the [[eval]] command expands the arguments, and runs them:
 +
 + "​eval"​ + "echo $variable"​
 +
 +becomes
 +
 + "​eval"​ + "echo this is some text"
 +
 +and this results in the second line of output. ​ You have to be very careful
 +about this, because if you [[eval]] a string that comes from an untrusted
 +source, someone could take over your client. ​ Consider this:
 +
 + on public * {eval echo $*}
 +
 +Now consider if someone says "hi there!;exec rm -rf ~"
 +
 + "eval echo $*"
 +
 +becomes
 +
 + "eval echo hi there!;exec rm -rf ~"
 +
 +which becomes
 +
 + "​eval"​ + "echo hi there!;exec rm -rf ~"
 +
 +If this occurs, epic will dutifully remove all your files. ​ **BE CAREFUL!**
 +Do not use [[eval]] without a very good reason!
 +
 +======History:​======
 +
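
Review bot: The "on public * {eval echo $*}" example near the end of the Description shows only the unsafe form, and its walk-through stops at "eval" + "echo hi there!;exec rm -rf ~" without saying that it is eval's second pass over that string that treats the ";" as a statement separator. Suggest stating that step explicitly and following it with the form that needs no eval at all, "on public * {echo $*}", since the Description already says statements are expanded before the command runs and that eval is generally needed only at the input prompt. Smaller points: the History section is added empty, "(ie, from the server)" is missing its closing period, and "command statements that already expanded" is missing a verb.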
  
eval.txt · Last modified: 2007/02/12 22:51 (external edit)