Simple and fast PHP expression parser, based on secure use of eval().
Compatible with PHP 7.1 and up.
This class tries to expose a subset of PHP functionality not by removing the bad features, but by explicitly allowing only the good features.
IF YOU FIND ANY (POTENTIAL) SECURITY ISSUE, PLEASE REPORT!
Since PHP-Expression uses eval(), it can also handle PHP syntax, including parentheses, arithmetic, functions and more.
abs(), min(), max() and sqrt().
+, -, *, / and %.
true/false returns 1/0 decimal).
and, xor and or
0b prefix. i.e. 0b1001110.
^^ for logical XOR (same as xor).
not (same as !).
x ? y : z) not supported.
x ?: z) not supported.
x ?? z) not supported.
x <=> y) only supported on PHP 7 and up (it's a PHP 7 feature).
TODO
Though this class has been tested and independently reviewed by several people, I cannot make any absolute 100% guarantee that it cannot be hacked. If you find any potential security problem, please let us know.
Even though the Expression class itself is supposed to be secure, the return value may still be abused if your code does not check for validity. Only numbers can be returned, but if your code crashes on a number "666", the Expression class cannot and will not be able to protect you. Check for valid ranges.
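
The two ideas above, accepting only explicitly allowed tokens before eval() and checking the returned number against a valid range, sketched as an added example: this is not PHP-Expression's own code, and the function names, the allowlists and the sample input are assumptions. It covers only the listed functions and arithmetic operators.

```php
<?php
declare(strict_types=1);
// Added illustration, not PHP-Expression's own code. All names are hypothetical.
const ALLOWED_FUNCTIONS = ['abs', 'min', 'max', 'sqrt'];
const ALLOWED_SYMBOLS   = ['+', '-', '*', '/', '%', '(', ')', ','];

// True only if every token of $expr is explicitly on the allowlist.
function isAllowedExpression(string $expr): bool
{
    // Character-level allowlist first: rejects quotes, $, backticks, ;, \ and so on.
    if (!preg_match('/\A[A-Za-z0-9_.+\-*\/%(), \t]+\z/', $expr)) {
        return false;
    }
    $tokens = array_slice(token_get_all('<?php ' . $expr), 1); // drop T_OPEN_TAG
    $tokens = array_values(array_filter($tokens, function ($t) {
        return !(is_array($t) && $t[0] === T_WHITESPACE);
    }));
    foreach ($tokens as $i => $t) {
        if (is_string($t)) {                    // single-character token
            if (!in_array($t, ALLOWED_SYMBOLS, true)) { return false; }
        } elseif ($t[0] === T_STRING) {         // identifier: only an allowed function call
            $isCall = ($tokens[$i + 1] ?? null) === '(';
            if (!$isCall || !in_array(strtolower($t[1]), ALLOWED_FUNCTIONS, true)) { return false; }
        } elseif ($t[0] !== T_LNUMBER && $t[0] !== T_DNUMBER) {
            return false;                       // every other token type is rejected
        }
    }
    return true;
}

// Evaluates an allowlisted expression and enforces the caller's valid range.
function evaluateInRange(string $expr, float $min, float $max): float
{
    if (!isAllowedExpression($expr)) {
        throw new InvalidArgumentException('Expression contains disallowed tokens');
    }
    try {
        $value = eval('return ' . $expr . ';');
    } catch (Throwable $e) {                    // ParseError, DivisionByZeroError, ...
        throw new InvalidArgumentException('Expression could not be evaluated');
    }
    if ((!is_int($value) && !is_float($value)) || !is_finite((float) $value)
        || $value < $min || $value > $max) {    // also catches NAN, INF and null
        throw new RangeException('Result is not a number within the accepted range');
    }
    return (float) $value;
}

var_dump(evaluateInRange('max(2, 3) * sqrt(16) % 5', 0, 100)); // constructed input
```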