When eval'ing a template, you say that $r holds the values, but since you generate a code string and pass it to drupal_eval, drupal_eval has no knowledge of $r and so it can't be eval'd. I did the output buffering and eval'ing inline so that you have access to the $r array. I'm not sure this is the best way to do this, but it works.

Files: 
CommentFileSizeAuthor
#5 183379.patch878 bytesroychri
#3 183379.patch664 bytesroychri
site_user_list.patch834 bytescwells

Comments

pukku’s picture

Hi! Thanks for this — I will look it over and see if I understand it. I initially used plain eval in this function; I switched over to drupal_eval because it seemed safer, but I didn't realize that it would keep $r from being available.

Thanks,
Ricky

mbria’s picture

I just found this same issue.

After patching your module could be nicely combined with "gtspam" to obfuscate mails in just a single line.
Evaluate this: return(gtspam($r['@mail']));

If you don't know your field name, give a try to: return(var_export($r));

Obviously gtspam module need to be installed and enabled. :-)

Thanks you guys for the great module and the patch.

roychri’s picture

FileSize
664 bytes

Thank you cwells for your patch.

There is a few things I dislike about your patch.

  1. Breaks re-usability - The function drupal_eval() is there to be used and it is perfect for this task.
  2. Copy and Paste - You copied and pasted some code so that breaks maintainability since anyone making change to drupal_eval would have to know to change this code too...
  3. Allow write access to the $r array and read/write access to all variables in that function.

Here is a patch which is less code change, reuse the existing drupal_eval() and only allow access to the $r array.

Let me know what you think.

cwells’s picture

I just looked at the patches real quick. This is sure a blast from the past, but if roychri's patch also works, it's a much better solution.

roychri’s picture

Version: 5.x-1.x-dev » 6.x-1.0-beta1
FileSize
878 bytes

Here is an updated patch for the version 6.x-1.0-beta1 version.

Anyone else want to review and mark as RTBC?

Thanks.

pooneil’s picture

Hi cwells,

I applied the patch provided by roychri. I gave it a quick test and accessing the '$r' array works. The change is committed and should show up in the next release.

Regards,
Anthony

pooneil’s picture

Assigned: Unassigned » pooneil
Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.