From 79283c6f7f0365a40737f488f0aa64a0a04e784e Mon Sep 17 00:00:00 2001
From: Anton <info@ensostudio.ru>
Date: Sun, 12 Jun 2022 10:44:00 +0300
Subject: [PATCH] Fix `Fenom::isAllowedFunction()`

- Checks if function in `ini_get('disable_functions')`
- Replace `is_callable()` to `function_exists()` to ignore invokable classes
---
 src/Fenom.php | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/src/Fenom.php b/src/Fenom.php
index bdc789d..4c6ad7c 100644
--- a/src/Fenom.php
+++ b/src/Fenom.php
@@ -200,6 +200,11 @@ class Fenom
         "implode"     => 1
     );
 
+    /**
+     * @var string[] the disabled functions by `disable_functions` PHP's option
+     */
+    protected $_disabled_funcs;
+
     /**
      * @var array[] of compilers and functions
      */
@@ -769,16 +774,24 @@ class Fenom
     }
 
     /**
-     * @param string $function
+     * Checks if is allowed PHP function for using in templates.
+     *
+     * @param string $function the function name
      * @return bool
      */
     public function isAllowedFunction($function)
     {
-        if ($this->_options & self::DENY_NATIVE_FUNCS) {
-            return isset($this->_allowed_funcs[$function]);
-        } else {
-            return is_callable($function);
+        $function = (string) $function;
+        if (!is_array($this->_disabled_funcs)) {
+            $disabled = ini_get('disable_functions');
+            $this->_disabled_funcs = empty($disabled) ? [] : explode(',', $disabled);
         }
+
+        if ($this->_options & self::DENY_NATIVE_FUNCS) {
+            return isset($this->_allowed_funcs[$function]) && !in_array($function, $this->_disabled_funcs, true);
+        }
+
+        return function_exists($function) && !in_array($function, $this->_disabled_funcs, true);
     }
 
     /**