Response.ExpandTemplate Eval Recursion no longer supported

Eval recursion is now off by default for Response.ExpandTemplate(), MergeText() and wwEval.MergeText(). This change is by design, to minimize the potential for security breaches through template expansion.

The main concern is that unchecked nested tags containing user input could easily execute code in your pages in unexpected situations, which opens up a huge security hole. For this reason recursion is off by default, and we deliberately don't make it easy to turn back on.

With recursion on, imagine a user entering this into a textbox:

<%= Version() %>

If your template now echoes that value with:

<%= lcInputValue %>

and recursion is on, the page will display the FoxPro version number! At this point the user has effectively executed code in YOUR FoxPro application. Version() is one of the milder examples of what could execute...

So for this reason we've turned off recursive expressions. If you really need recursive expressions, you can use:

<%= MergeText(lcValue) %>

which now explicitly recurses the result value.

The wwEval object also contains a lAllowEvalRecursion flag that is off by default. If you have pages that you know explicitly require recursive expressions you can forego ExpandTemplate and instead use this equivalent code:

loEval = CREATEOBJECT("wwEval")
loEval.lAllowEvalRecursion = .T.     && opt in to recursive expansion for this page only
lcResult = loEval.MergeText( FILE2VAR( Request.GetPhysicalPath() ) )
Response.Write(lcResult)
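As an added illustration, not part of this page or of the Web Connection code base, the following Python model of MergeText shows why the default matters: the same textbox value is echoed as literal text with recursion off, is executed with lAllowEvalRecursion on, and is executed only where the developer explicitly wrote MergeText(lcValue). The Version() value and the tag syntax handling are constructed stand-ins, not the real wwEval implementation.

```python
import re

TAG = re.compile(r"<%=\s*(.*?)\s*%>", re.DOTALL)

# Constructed stand-ins for FoxPro functions; only names listed here may run.
FUNCTIONS = {"Version()": "Visual FoxPro 09.00 (constructed value)"}
MERGE_CALL = re.compile(r"MergeText\((\w+)\)")


def merge_text(template, variables, allow_eval_recursion=False, depth=8):
    """Model of wwEval.MergeText: expand each <%= expr %> tag once.

    With allow_eval_recursion=True (the page's lAllowEvalRecursion = .T.),
    tags contained in an expression's *result* are expanded as well, which
    is exactly how user input ends up being executed.
    """
    if depth == 0:
        raise RecursionError("template recursion too deep")

    def evaluate(expr):
        if expr in FUNCTIONS:
            return FUNCTIONS[expr]
        call = MERGE_CALL.fullmatch(expr)
        if call:
            # Explicit opt-in: the developer asked for this one value to be re-merged.
            return merge_text(variables[call.group(1)], variables, True, depth - 1)
        if expr in variables:
            return str(variables[expr])
        raise ValueError(f"unknown expression: {expr!r}")

    def expand_one(match):
        value = evaluate(match.group(1))
        if allow_eval_recursion:
            return merge_text(value, variables, True, depth - 1)
        return value  # recursion off: any tags inside the value stay literal text

    return TAG.sub(expand_one, template)


# Constructed request: the user typed a template tag into the textbox.
USER_INPUT = "<%= Version() %>"
TEMPLATE = "<p>You entered: <%= lcInputValue %></p>"


def render(allow_eval_recursion=False):
    return merge_text(TEMPLATE, {"lcInputValue": USER_INPUT}, allow_eval_recursion)


def render_explicit_merge():
    # The page's <%= MergeText(lcValue) %> form: recursion only where the developer asked.
    return merge_text("<p><%= MergeText(lcValue) %></p>", {"lcValue": USER_INPUT})


if __name__ == "__main__":
    print("recursion off:", render())
    print("recursion on: ", render(True))
```

The depth counter is the model's own safeguard against a value that re-merges itself forever; the real wwEval may behave differently in that case.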


  Last Updated: 3/25/2008 | © West Wind Technologies, 2008