eval
Differences
This shows you the differences between two versions of the page.
| — |
eval [2007/02/12 22:51] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ======Synopsis:====== | ||
| + | [[eval]] //<block>// | ||
| + | |||
| + | ======Description:====== | ||
| + | [[Eval]] treats its arguments as a [[block statement|ircii_syntax]] and | ||
| + | executes it. Generally the only place you need to use [[eval]] is at the | ||
| + | input prompt. Normally the commands you type at the input prompt are treated | ||
| + | as command statements that already expanded; If you wish to put $-expandos | ||
| + | in your statement and have them substituted, you would not ordinarily have | ||
| + | any way to do that. But the [[eval]] command provides for this. | ||
| + | |||
| + | This is the reason why using [[eval]] in a script is so dangerous. Because | ||
| + | command statements are expanded before the command is executed, it is | ||
| + | possible for dangerous text to be included in the argument list. You must | ||
| + | never pass to [[eval]] anything that contains text from an untrusted | ||
| + | source (ie, from the server) | ||
| + | |||
| + | But for a more concrete example, [[eval]] allows you to indirectly reference | ||
| + | variables, but only if you're careful about it: | ||
| + | |||
| + | if (1) { | ||
| + | @ variable = 'this is some text'; | ||
| + | @ indirect = '$variable'; | ||
| + | echo $indirect; | ||
| + | eval echo $indirect | ||
| + | }; | ||
| + | |||
| + | The output of these two echos are: | ||
| + | |||
| + | $variable | ||
| + | this is some text | ||
| + | |||
| + | Why does this work? Because ircII expands $'s in the command and then splits | ||
| + | it into a command and an argument: | ||
| + | |||
| + | eval echo $indirect | ||
| + | |||
| + | expands to: | ||
| + | |||
| + | eval echo $variable | ||
| + | |||
| + | and the [[eval]] command expands the arguments, and runs them: | ||
| + | |||
| + | "eval" + "echo $variable" | ||
| + | |||
| + | becomes | ||
| + | |||
| + | "eval" + "echo this is some text" | ||
| + | |||
| + | and this results in the second line of output. You have to be very careful | ||
| + | about this, because if you [[eval]] a string that comes from an untrusted | ||
| + | source, someone could take over your client. Consider this: | ||
| + | |||
| + | on public * {eval echo $*} | ||
| + | |||
| + | Now consider if someone says "hi there!;exec rm -rf ~" | ||
| + | |||
| + | "eval echo $*" | ||
| + | |||
| + | becomes | ||
| + | |||
| + | "eval echo hi there!;exec rm -rf ~" | ||
| + | |||
| + | which becomes | ||
| + | |||
| + | "eval" + "echo hi there!;exec rm -rf ~" | ||
| + | |||
| + | If this occurs, epic will dutifully remove all your files. **BE CAREFUL!** | ||
| + | Do not use [[eval]] without a very good reason! | ||
| + | |||
| + | ======History:====== | ||
| + | |||
eval.txt ยท Last modified: 2007/02/12 22:51 (external edit)
Page Tools
