Fix `Fenom::isAllowedFunction()`

- Check whether the function is listed in `ini_get('disable_functions')`
- Replace `is_callable()` with `function_exists()` to ignore invokable classes
Anton 2022-06-12 10:44:00 +03:00 committed by GitHub
parent 8fb0a70311
commit 79283c6f7f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 5 deletions


@ -200,6 +200,11 @@ class Fenom
"implode" => 1
);
/**
* @var string[] the disabled functions by `disable_functions` PHP's option
*/
protected $_disabled_funcs;
/**
* @var array[] of compilers and functions
*/
@ -769,16 +774,24 @@ class Fenom
}
/**
* @param string $function
* Checks if is allowed PHP function for using in templates.
*
* @param string $function the function name
* @return bool
*/
public function isAllowedFunction($function)
{
if ($this->_options & self::DENY_NATIVE_FUNCS) {
return isset($this->_allowed_funcs[$function]);
} else {
return is_callable($function);
$function = (string) $function;
if (!is_array($this->_disabled_funcs)) {
$disabled = ini_get('disable_functions');
$this->_disabled_funcs = empty($disabled) ? [] : explode(',', $disabled);
}
if ($this->_options & self::DENY_NATIVE_FUNCS) {
return isset($this->_allowed_funcs[$function]) && !in_array($function, $this->_disabled_funcs, true);
}
return function_exists($function) && !in_array($function, $this->_disabled_funcs, true);
}
/**
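Review bot: The disabled-function lookup in `isAllowedFunction()` is an exact string match, so it can miss entries that PHP itself treats as disabled. `explode(',', $disabled)` keeps surrounding whitespace, so an ini value written with a space after the comma (for example `exec, system`) yields `' system'`, and `in_array(..., true)` is case-sensitive while `function_exists()` resolves names case-insensitively. Normalising both sides closes the gap: build the list with `preg_split('/[\s,]+/', strtolower((string) $disabled), -1, PREG_SPLIT_NO_EMPTY)` and compare against `strtolower(ltrim($function, '\\'))`. The `isset($this->_allowed_funcs[$function])` allow-list check is case-sensitive in the same way, which is worth confirming against how the compiler passes function names in.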