mirror of
https://github.com/fenom-template/fenom.git
synced 2023-08-10 21:13:07 +03:00
Merge pull request #335 from WinterSilence/patch-2
Fix `Fenom::isAllowedFunction()`
This commit is contained in:
commit
065ccaec23
@ -200,6 +200,11 @@ class Fenom
|
|||||||
"implode" => 1
|
"implode" => 1
|
||||||
);
|
);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var string[] the disabled functions by `disable_functions` PHP's option
|
||||||
|
*/
|
||||||
|
protected $_disabled_funcs;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var array[] of compilers and functions
|
* @var array[] of compilers and functions
|
||||||
*/
|
*/
|
||||||
@ -769,16 +774,38 @@ class Fenom
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $function
|
* Checks if is allowed PHP function for using in templates.
|
||||||
|
*
|
||||||
|
* @param string $function the function name
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function isAllowedFunction($function)
|
public function isAllowedFunction($function)
|
||||||
{
|
{
|
||||||
if ($this->_options & self::DENY_NATIVE_FUNCS) {
|
$function = (string) $function;
|
||||||
return isset($this->_allowed_funcs[$function]);
|
$allow = ($this->_options & self::DENY_NATIVE_FUNCS)
|
||||||
} else {
|
? isset($this->_allowed_funcs[$function])
|
||||||
return is_callable($function);
|
: function_exists($function);
|
||||||
|
return $allow && !in_array($function, $this->getDisabledFuncs(), true);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the disabled PHP functions.
|
||||||
|
*
|
||||||
|
* @return string[]
|
||||||
|
*/
|
||||||
|
protected function _getDisabledFuncs()
|
||||||
|
{
|
||||||
|
if (!is_array($this->_disabled_funcs)) {
|
||||||
|
$disabled = ini_get('disable_functions');
|
||||||
|
// adds execution functions to disabled for security
|
||||||
|
$this->_disabled_funcs = array_merge(
|
||||||
|
empty($disabled) ? [] : explode(',', $disabled),
|
||||||
|
array('exec', 'system', 'passthru', 'shell_exec', 'pcntl_exec', 'proc_open', 'popen'),
|
||||||
|
array('call_user_func', 'call_user_func_array')
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return $this->_disabled_funcs;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
Loading…
Reference in New Issue
Block a user