From 7fc4f0c7e429e03c0cdc758e5d1c114ffdd2c9b0 Mon Sep 17 00:00:00 2001
From: Roland Gruber <gruberroland@users.sf.net>
Date: Thu, 6 Oct 2011 11:43:40 +1100
Subject: [PATCH] SF Patch #3391039 - Remove eval commands from PHP code

---
 lib/Tree.php         |  2 +-
 lib/Visitor.php      | 15 +--------------
 lib/xmlTemplates.php |  8 ++++----
 3 files changed, 6 insertions(+), 19 deletions(-)

diff --git a/lib/Tree.php b/lib/Tree.php
index 38a11d2..b4d468f 100644
--- a/lib/Tree.php
+++ b/lib/Tree.php
@@ -51,7 +51,7 @@ abstract class Tree {
 				return null;
 
 			$treeclass = $_SESSION[APPCONFIG]->getValue('appearance','tree');
-			eval('$tree = new '.$treeclass.'($server_id);');
+			$tree = new $treeclass($server_id);
 
 			# If we are not logged in, just return the empty tree.
 			if (is_null($server->getLogin(null)))
diff --git a/lib/Visitor.php b/lib/Visitor.php
index b9affdb..fca5099 100644
--- a/lib/Visitor.php
+++ b/lib/Visitor.php
@@ -55,20 +55,7 @@ abstract class Visitor {
 			printf('<font size=-2>Method Exists: %s::%s (%s)</font><br />',get_class($this),$call,$args);
 
 		if (method_exists($this,$call)) {
-			$call .= '(';
-
-			for ($i = 0; $i < count($args); $i++)
-				if ($i == 0)
-					$call .= sprintf('$args[%s]',$i);
-				else
-					$call .= sprintf(',$args[%s]',$i);
-
-			$call .= ');';
-
-			if (defined('DEBUGTMP') && DEBUGTMP)
-				printf('<font size=-2><b>Invoking Method: $this->%s</b></font><br />',$call);
-
-			eval('$r = $this->'.$call);
+			$r = call_user_func_array(array($this,$call),$args);
 
 			if (isset($r))
 				return $r;
diff --git a/lib/xmlTemplates.php b/lib/xmlTemplates.php
index f27236b..0da73a9 100644
--- a/lib/xmlTemplates.php
+++ b/lib/xmlTemplates.php
@@ -57,7 +57,7 @@ abstract class xmlTemplates {
 						'type'=>'info','special'=>true));
 
 					$changed = true;
-					eval(sprintf('$this->templates[$index] = new %s($this->server_id,$template->getName(false),$template->getFileName(),$template->getType(),$index);',$class['name']));
+					$this->templates[$index] = new $class['name']($this->server_id,$template->getName(false),$template->getFileName(),$template->getType(),$index);
 				}
 			}
 
@@ -87,7 +87,7 @@ abstract class xmlTemplates {
 					if (! in_array($filename,$this->getTemplateFiles())) {
 						$templatename = preg_replace('/.xml$/','',$file);
 	
-						eval(sprintf('$this->templates[$index] = new %s($this->server_id,$templatename,$filename,$type,$index);',$class['name']));
+						$this->templates[$index] = new $class['name']($this->server_id,$templatename,$filename,$type,$index);
 						$index++;
 
 						$changed = true;
@@ -129,7 +129,7 @@ abstract class xmlTemplates {
 
 					# Store the template
 					$templatename = preg_replace('/.xml$/','',$file);
-					eval(sprintf('$this->templates[$counter] = new %s($this->server_id,$templatename,$filename,$type,$counter);',$class['name']));
+					$this->templates[$counter] = new $class['name']($this->server_id,$templatename,$filename,$type,$counter);
 					$counter++;
 				}
 			}
@@ -230,7 +230,7 @@ abstract class xmlTemplates {
 				return clone $template;
 
 		# If we get here, the template ID didnt exist, so return a blank template, which be interpreted as the default template
-		eval(sprintf('$object = new %s($this->server_id,null,null,"default");',$class['name']));
+		$object = new $class['name']($this->server_id,null,null,'default');
 		return $object;
 	}