private function _nextCommand()
{
$return = "";
$this->_debug("[+] _nextCommand");
$this->_intend++;
$nextToken = $this->_next();
if (is_string($nextToken)) {
$this->_debug("[+] _runString \" " . $nextToken . " \"");
} else {
$this->_debug("[+] _runCommand (" . token_name($nextToken[0]) . ") [" . htmlentities($nextToken[1]) . "]");
}
$this->_intend++;
switch ($nextToken[0]) {
case ";":
# echo "Found ;";
# var_dump($return);
#return $return;
break;
case T_IF:
$return = $this->_run_if();
break;
case T_FOREACH:
$this->_run_foreach();
break;
case T_ARRAY:
$return = $this->_getFunctionParameters();
break;
case T_VARIABLE:
if ($this->_nextByReference == true) {
$byRef = true;
$this->_nextByReference = false;
} else {
$byRef = false;
}
$varName = substr($nextToken[1], 1);
$tmpToken = $this->_next(false);
$pointerSet = false;
$varPointer = false;
$addItem = false;
if ($tmpToken == "[") {
$keys = array();
$this->_debug('Array found');
while ($this->_next(false) == "[") {
$this->_currentPos++;
if ($this->_next(false) == "]") {
$this->_currentPos++;
$addItem = true;
break;
}
$keys[] = $this->_getArrayKey();
}
$pointerSet = true;
$varPointer =& $this->_variables[$varName];
foreach ($keys as $key) {
if (!is_array($varPointer)) {
$varPointer = array();
}
$pointerSet = true;
$varPointer =& $varPointer[$key];
}
if ($addItem == true) {
if (!is_array(&$varPointer)) {
$varPointer = array();
}
array_push(&$varPointer, null);
$pointerSet = true;
$varPointer =& $varPointer[count($varPointer) - 1];
}
}
$tmpToken = $this->_next(false);
// Wird eine Zuweisung
if (!is_array($tmpToken) && $tmpToken == "=" || is_array($tmpToken) && in_array($tmpToken[0], array(T_PLUS_EQUAL, T_MINUS_EQUAL))) {
$this->_debug(" # prepare Assignment [" . $varName . "]");
$this->_currentPos++;
if (!is_array($tmpToken) || !in_array($tmpToken[0], array(T_PLUS_EQUAL, T_MINUS_EQUAL))) {
$valueOfVariable = $this->_nextCommand();
}
if (is_array($tmpToken) && in_array($tmpToken[0], array(T_PLUS_EQUAL, T_MINUS_EQUAL))) {
if (!$pointerSet) {
if (isset($this->_variables[$varName])) {
$startvalue = $this->_variables[$varName];
$this->_debug(" # _getVariable [" . $varName . "] = " . $startvalue);
}
} else {
$startvalue = $varPointer;
$this->_debug(" # _getArrayVariable [" . $varName . "][" . implode("][", $keys) . "] = " . $startvalue);
}
} else {
$startvalue = 0;
}
if (is_array($tmpToken) && $tmpToken[0] == T_MINUS_EQUAL) {
$valueOfVariable = $startvalue - $this->_nextCommand();
} elseif (is_array($tmpToken) && $tmpToken[0] == T_PLUS_EQUAL) {
$valueOfVariable = $startvalue + $this->_nextCommand();
}
if ($varName == "disableFunctionlist" && $valueOfVariable == "1") {
$this->_disableFunctionlist = true;
}
if (!$pointerSet) {
$this->_debug(" # _setVariable [" . $varName . "] = " . serialize($valueOfVariable));
$this->_variables[$varName] = $valueOfVariable;
} else {
$this->_debug(" # _setArrayVariable [" . $varName . "][" . implode("][", $keys) . "] = " . serialize($valueOfVariable));
$varPointer = $valueOfVariable;
}
} elseif (isset($this->_variables[$varName]) || $pointerSet) {
if (!$pointerSet) {
if ($byRef == true) {
$value =& $this->_variables[$varName];
} else {
$value = $this->_variables[$varName];
}
$this->_debug(" # _getVariable " . ($byRef == true ? "&" : "") . "[" . $varName . "] = " . $value);
} else {
if ($byRef == true) {
$value =& $varPointer;
} else {
$value = $varPointer;
}
$this->_debug(" # _getArrayVariable " . ($byRef == true ? "&" : "") . "[" . $varName . "][" . implode("][", $keys) . "] = " . $value);
}
$return = $value;
} elseif (is_array($tmpToken) && $tmpToken[0] == T_OBJECT_OPERATOR) {
$this->_debug(" # _getValue from reference");
$this->_currentPos++;
$moduleToken = $this->_next(false);
if ($varName != "current_user") {
/**
* @var $reference VTEntity
*/
$reference = $this->_context->getReference($moduleToken[1], $varName);
} else {
global $current_user;
/**
* @var $reference VTEntity
*/
$reference = VTEntity::getForId($current_user->id, $moduleToken[1]);
}
$this->_currentPos++;
$tmpToken = $this->_next(false);
if (is_array($tmpToken) && $tmpToken[0] == T_OBJECT_OPERATOR) {
$this->_currentPos++;
$tmpToken = $this->_next(false);
$this->_currentPos++;
if ($reference instanceof VTEntity) {
$return = $reference->get($tmpToken[1]);
} else {
#error_log("No Reference defined for $".$varName."->".$moduleToken[1]);
throw new ExpressionException("No Reference defined for \$" . $varName . "->" . $moduleToken[1]);
}
} else {
throw new ExpressionException("Error in ExpressionParser near \$" . $varName . "->" . $moduleToken[1]);
}
} else {
$return = $this->_context->get($varName);
$this->_debug(" # _getValue {$varName} = ('" . $return . "')");
}
#var_dump($this->_variables);
break;
case T_DNUMBER:
$return = $nextToken[1];
break;
case T_STRING:
if (defined($nextToken[1])) {
$this->_debug(" # Constant Found");
$return = constant($nextToken[1]);
} elseif (function_exists("VT_" . $nextToken[1])) {
$this->_debug(" # Custom function");
// Methodennamen werden umgeschrieben um nur bestimmte Funktionen zuzulassen
$methodName = "VT_" . $nextToken[1];
$parameter = $this->_getFunctionParameters();
$return = call_user_func_array($methodName, $parameter);
} elseif ($this->_disableFunctionlist || in_array($nextToken[1], self::$WhitelistPHPfunctions) || substr($nextToken[1], 0, 3) == "str" || substr($nextToken[1], 0, 5) == "array" || substr($nextToken[1], 0, 3) == "wf_" || substr($nextToken[1], 0, 5) == "array") {
$this->_debug(" # Whitelisted PHP Function");
$parameter = $this->_getFunctionParameters();
$return = call_user_func_array($nextToken[1], $parameter);
}
break;
case "-":
#$this->_currentPos++;
$nextValue = $this->_next();
$return = -1 * $nextValue[1];
break;
case "&":
$this->_nextByReference = true;
break;
case "(":
$return = $this->_nextCommand();
$this->_currentPos++;
break;
case ")":
$this->_debug(" RETURN Brackets ['" . $return . "']");
$this->_intend--;
return $return;
break;
case T_LNUMBER:
$return = floatval($nextToken[1]);
break;
case T_CONSTANT_ENCAPSED_STRING:
if ((substr($nextToken[1], 0, 1) == "'" || substr($nextToken[1], 0, 1) == '"') && substr($nextToken[1], -1, 1) == substr($nextToken[1], 0, 1)) {
$nextToken[1] = trim($nextToken[1], "'" . '"');
}
$return = $nextToken[1];
break;
case T_RETURN:
$return = $this->_nextCommand();
$this->_setReturn($return);
break;
case T_COMMENT:
$return = $this->_nextCommand();
break;
case T_IS_NOT_IDENTICAL:
case T_IS_IDENTICAL:
case T_IS_EQUAL:
case T_IS_GREATER_OR_EQUAL:
case T_IS_IDENTICAL:
case T_IS_NOT_EQUAL:
case T_IS_NOT_IDENTICAL:
case T_IS_SMALLER_OR_EQUAL:
$this->_currentPos--;
$return = false;
break;
default:
break;
}
$this->_debug(" potential next: " . $this->_next(false));
if ($this->_next(false) == ")") {
#$this->_intend--;
#return $return;
}
if ($this->_next(false) == ".") {
$this->_currentPos++;
$this->_debug("[ ] _foundCombination");
$return .= $this->_nextCommand();
}
$this->_intend--;
$tmpToken = $this->_next(false);
if (in_array($tmpToken, array("+", "-", "*", "/", "^"))) {
$this->_debug(" found Operation");
$this->_currentPos++;
$valueOfVariable = $this->_nextCommand();
if (empty($return)) {
$return = 0;
}
if (empty($valueOfVariable)) {
$valueOfVariable = 0;
}
$this->_debug(" run Operation ('return " . $return . " " . $tmpToken . " " . $valueOfVariable . ";')");
$return = eval('return ' . $return . ' ' . $tmpToken . ' ' . $valueOfVariable . ';');
}
$this->_intend--;
$this->_debug("[-] _nextCommand ['" . htmlentities($return . "") . "']");
return $return;
}
protected function matchHandler($match)
{
// Wenn count($match) == 2, dann nur $email und keine referenzierten Felder
if (count($match) == 2) {
// Special Variables
if ($match[0] == '$current_user_id') {
global $current_user, $adb;
$sql = "SELECT id FROM vtiger_ws_entity WHERE name = 'Users'";
$result = $adb->query($sql);
$wsTabId = $adb->query_result($result, 0, "id");
return $wsTabId . "x" . $current_user->id;
}
$fieldname = $match[1];
$fieldvalue = $this->_context->get($fieldname);
if ($fieldvalue === false) {
return '$' . $fieldname;
}
if (!empty($fieldvalue)) {
return $fieldvalue;
}
// it is a global function
} elseif (substr($match[0], 0, 2) == "\$[") {
$function = strtolower($match[3]);
if (count($match) > 4 && $match[4] != "") {
$parameter = explode(",", $match[6]);
for ($i = 0; $i < count($parameter); $i++) {
$parameter[$i] = trim($parameter[$i], "'\" ");
}
} else {
$parameter = false;
}
switch ($function) {
case "url":
if ($parameter != false && count($parameter) > 0) {
$parameter[0] = intval($parameter[0]);
$objTMP = VTEntity::getForId($parameter[0]);
global $site_URL;
return $site_URL . '/index.php?action=DetailView&module=' . $objTMP->getModuleName() . '&record=' . $parameter[0];
}
break;
case "now":
$format = "Y-m-d";
$time = time();
if ($parameter != false) {
if (!empty($parameter[0])) {
$time += intval($parameter[0]) * 86400;
}
if (!empty($parameter[1])) {
$format = $parameter[1];
}
}
return date($format, $time);
break;
case "entityname":
if ($parameter != false) {
$parameter[0] = VTTemplate::parse($parameter[0], $this->_context);
if (strpos($parameter[0], "x") !== false) {
$crmid = explode("x", $parameter[0]);
$crmid = intval($crmid[1]);
} else {
$crmid = intval($parameter[0]);
}
global $adb;
$sql = "SELECT setype FROM vtiger_crmentity WHERE crmid=?";
$result = $adb->pquery($sql, array($crmid));
$data = $adb->fetchByAssoc($result);
$return = getEntityName($data['setype'], array($crmid));
return $return[$crmid];
} else {
return "";
}
break;
}
} else {
preg_match('/\\((\\w+) ?: \\(([_\\w]+)\\) (\\w+)\\)/', $match[1], $matches);
list($full, $referenceField, $referenceModule, $fieldname) = $matches;
if ($referenceField == "smownerid") {
$referenceField = "assigned_user_id";
}
if ($referenceModule === '__VtigerMeta__') {
return $this->_getMetaValue($fieldname);
} else {
if ($referenceField != "current_user") {
$referenceId = $this->_context->get($referenceField);
if ($referenceId == null) {
return "";
}
} else {
global $current_user;
$referenceId = $current_user->id;
}
$entity = VTEntity::getForId($referenceId, $referenceModule == "Users" ? "Users" : false);
return $entity->get($fieldname);
}
}
}
