
PHP part:

$php = $_POST['php'];

//$php = "print \"hello world\";";

if ($php != null){
    if (strlen($php) < 400){
        echo $php;
        eval($php);
        //eval("print \"hello world\";");
    }else die ("Evaluated Expression Exceeds Maximum Length");
}

LSL part:

string php = "print \"hello world\";";

Now I added the commented out bits into PHP to show that it works. And then when the LSL script sends to PHP it returns:

print \"hello world\"; -- this line is from, 'echo $php;'

<b>Parse error</b>:  syntax error, unexpected '&quot;', expecting identifier
(T_STRING) in <b>xxxxxx.php(141) : eval()'d code</b> on line <b>1</b><br />
-- this is the error.

And it is something to do with the way the two scripts are sending data. I thought maybe it had something to do with $php = $_POST['php']; so changed it to $php = $_POST[php]; With no change to the result. I then tried changing print \"hello world\"; to print 'hello world'; It then just returns the error : T_ENCAPSED_AND_WHITESPACE.

I did not supply the full source here. Only the section that was having an issue. It is supplied in an example state. The output is the same as the actual error result that is being seen in the source. Usage of eval is required for the LSL script and PHP. In that the code is dynamically being reconfigured by both and sent to one another. Essentially giving the two the ability to code into one another. This is for a game in Second Life.

So if anyone knows of an actual way to pass the required data to and from the scripts. I could use some advice. Or a smack in the head if I missed something simple.

Paul Tomblin
Esoterica
  • Try to send instead: "print "hello world";" or use `htmlspecialchars` to encode the string before you send it – Nir Alfasi Aug 11 '13 at 01:17
  • Turn off magic_quotes. – mario Aug 11 '13 at 01:22
  • The data is sent from the LSL script (Second Life) <> PHP then back <> LSL. In this order which will be a constant chain. As the above shows the LSL to PHP is collecting the escaped string correctly and echoes : print \"hello world\"; Which from the LSL was : print \"hello world\";. So both scripts see the same data in the same way. Though upon eval it errors. Using your first suggestion is the same as escaping the data before send. As it already does this from LSL. The second can never be done as LSL to PHP does not understand htmlspecialchars. If it was PHP to LSL yes. This is not the order. – Esoterica Aug 11 '13 at 01:29
  • Like you can see in the `echo` you receive `print \"hello world\";` while what you really want is: `print "\"hello world\"";` or simply: `print "hello world";` – Nir Alfasi Aug 11 '13 at 01:36
  • @mario Thanks man. That gave me an idea to search for. And found what was happening. Using eval(stripslashes($php)); Fixes the issue and works like it should. So I will say thank you. And it was simple I should slap myself in the head now. LOL. – Esoterica Aug 11 '13 at 01:36

1 Answer


With the kind poke from mario on turning off magic_quotes. I then found what the data was doing in the source. I then ended up researching and using the following : eval(stripslashes($php)); Which completely solves the issue. And based on mario's poke.

It had nothing to do with escape data. Didn't think so as echo reported that fine. And it was indeed a slap me in the head error too.

stripslashes — Un-quotes a quoted string

Will vote this as best answer and also a best answer for mario. Wish he would have done his as an answer over comment. So could have voted it.

Esoterica
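
An added example, not part of the original post or answer: it reproduces the parse error with constructed input (`addslashes` standing in for `magic_quotes_gpc`), un-escapes only when magic quotes are actually on, and checks an HMAC before calling `eval`, because the endpoint otherwise executes whatever code any client posts. The shared secret, the `sig` POST field and the helper names are assumptions, not from the post.

```php
<?php
// Added example. SHARED_SECRET and the 'sig' POST field are assumptions.
const SHARED_SECRET = 'PLACEHOLDER-long-random-secret';

// True only where magic_quotes_gpc exists and is on (it was removed in PHP 5.4).
function magic_quotes_active(): bool
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Undo the added slashes only if the runtime added them; an unconditional
// stripslashes() would eat real backslashes in the code when quotes are off.
function raw_post_value(string $value, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Return the code to run, or null unless it is under 400 bytes and carries a
// valid HMAC-SHA256 of the un-escaped code under the shared secret.
function verified_code(array $post, bool $magicQuotesOn): ?string
{
    $php = $post['php'] ?? null;
    $sig = $post['sig'] ?? null;
    if (!is_string($php) || !is_string($sig)) {
        return null;
    }
    $code = raw_post_value($php, $magicQuotesOn);
    $expected = hash_hmac('sha256', $code, SHARED_SECRET);
    return (strlen($code) < 400 && hash_equals($expected, $sig)) ? $code : null;
}

// Constructed request: the LSL literal "print \"hello world\";" holds this text.
$sent = 'print "hello world";';
$post = [
    'php' => addslashes($sent), // what $_POST holds with magic quotes on
    'sig' => hash_hmac('sha256', $sent, SHARED_SECRET),
];

try {
    eval($post['php']); // print \"hello world\"; is not valid PHP
} catch (ParseError $e) {
    echo "without stripslashes: ", $e->getMessage(), "\n";
}

$code = verified_code($post, true); // real endpoint: ($_POST, magic_quotes_active())
if ($code !== null) {
    eval($code);
}
```

The sender has to compute the signature over the code exactly as written, before any escaping, so the receiver must un-escape first and verify second.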