Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+1 vote
605 views
in Q2A Core by
I'm working in restricted shared hosting where "php eval() function is disabled". I dont have access to php.ini file. How can i use question2answer cms from this point? Thanks in Advance.
Q2A version: 1.7.4

1 Answer

+2 votes
by
 
Best answer
Answering my own question : my workaround for this problem is

1. open qa-include > qa-base.php

2. add following function in qa-base.php

function fakeEval($phpCode) {
        $tmpfname = tempnam("/tmp", "fakeEval");
        $handle = fopen($tmpfname, "w+");
        fwrite($handle, "<?php\n" . $phpCode);
        fclose($handle);
        include $tmpfname;
        unlink($tmpfname);
        return get_defined_vars();
    }

3. Modify function qa_eval_from_file($eval, $filename) in qa-base.php to :

function qa_eval_from_file($eval, $filename)
    {
        // could also use ini_set('error_append_string') but apparently it doesn't work for errors logged on disk

        global $php_errormsg;

        $oldtrackerrors=@ini_set('track_errors', 1);
        $php_errormsg=null;
        
        
        extract(fakeEval('?'.'>'.$eval));

        if (strlen($php_errormsg)) {
            switch (strtolower(@ini_get('display_errors'))) {
                case 'on': case '1': case 'yes': case 'true': case 'stdout': case 'stderr':
                    echo ' of '.qa_html($filename)."\n";
                    break;
            }

            @error_log('PHP Question2Answer more info: '.$php_errormsg." in eval()'d code from ".qa_html($filename));
        }

        @ini_set('track_errors', $oldtrackerrors);
    }

// notice i change "eval('?'.'>'.$eval)" to "extract(fakeEval('?'.'>'.$eval));"

4. Hope it helps someone in future :)

Credit : https://gonzalo123.com/2012/03/12/how-to-use-eval-without-using-eval-in-php/
by
Yes I suppose that would work! I think it will be a lot of overhead if you gain more traffic though because you are doing a lot of file I/O (writing, reading and deleting) on every page load.

I intend to remove eval from the source when possible but it's very difficult with the way plugins and themes work currently.
by
Yeah scott you are right, this won't scale well in high traffic load. Luckily i use q2a only for organisation's intern use, so the traffic won't be that high.

Ok maybe in next version, developer will figured it out. i will be waiting for it.

Btw thank you for your hard work :)
...