Include code from a PHP stream
I'm wondering if it is at all possible to create a stream wrapper in order to load some code from 开发者_StackOverflow中文版an array into using something like the following
<?php include 'template://myarraykey/'; ?>
and have it work like doing a normal include from a file? The reason for asking is because I don't really want to store templates on the file system, they'll either exist in memcache or a database table and defiantly don't want to use eval().
Also I would assume I'll need to have allow_url_include set to on?
I know this is an old question...but I think it's worth noting that you can do something like:
$content = '
<?php if($var=true): ?>
print this html
<?php endif; ?>
';
Normally this would very cumbersome to eval, but you can do:
include "data://text/plain;base64,".base64_encode($content);
And it will parse it snappy like!
Include can take arbitrary urls. Read this. Here is an example HTTP code taken from there:
<?php
/* This example assumes that www.example.com is configured to parse .php
* files and not .txt files. Also, 'Works' here means that the variables
* $foo and $bar are available within the included file. */
// Won't work; file.txt wasn't handled by www.example.com as PHP
include 'http://www.example.com/file.txt?foo=1&bar=2';
// Won't work; looks for a file named 'file.php?foo=1&bar=2' on the
// local filesystem.
include 'file.php?foo=1&bar=2';
// Works.
include 'http://www.example.com/file.php?foo=1&bar=2';
$foo = 1;
$bar = 2;
include 'file.txt'; // Works.
include 'file.php'; // Works.
?>
And just change it to include "template://$thevalue";
eval, the word, isn't evil. Things you can do with it are. Any means of doing what you want will have the same risk as eval. So just use eval, since securing it is a more 'known' problem.
Since include
can use any appropriate stream and you can register your own stream wrapper, I don't see why not.
Just for fun you could try an alternative: load your data from memcached and include it using the data stream wrapper.
精彩评论