[ss-2018-006] Prevent code execution in template value resolution

This commit is contained in:
Damian Mooyman 2018-04-10 13:46:08 +12:00 committed by Robbie Averill
parent e967ab09a2
commit 2e13ae746f
5 changed files with 14 additions and 4 deletions


@ -121,7 +121,7 @@ class FixtureBlueprint
continue;
}
if (is_callable($fieldVal)) {
if (!is_string($fieldVal) && is_callable($fieldVal)) {
$obj->$fieldName = $fieldVal($obj, $data, $fixtures);
} else {
$obj->$fieldName = $fieldVal;
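Review bot: The new guard on the second line of the hunk still treats a `[class, method]` array as callable, because `is_callable()` accepts arrays as well as strings, so a fixture value of that shape would still be invoked rather than assigned as data; meanwhile the MarkedSet hunk in this commit excludes arrays but not strings, so the four changed call sites now disagree on what they filter. Since the intent at each site appears to be late-evaluating only closures and invokable objects, a single check such as `if (is_object($fieldVal) && is_callable($fieldVal)) {` expresses that directly and would be consistent across FixtureBlueprint, GridFieldDataColumns, MarkedSet and SSViewer_DataPresenter, assuming array callables are not a supported input at any of them. The enclosing method starts outside the hunk.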


@ -281,7 +281,7 @@ class GridFieldDataColumns implements GridField_ColumnProvider
}
$spec = $this->fieldFormatting[$fieldName];
if (is_callable($spec)) {
if (!is_string($spec) && is_callable($spec)) {
return $spec($value, $item);
} else {
$format = str_replace('$value', "__VAL__", $spec);


@ -333,7 +333,7 @@ class MarkedSet
$parentNode->setField('markingClasses', $this->markingClasses($data['node']));
// Evaluate custom context
if (is_callable($context)) {
if (!is_array($context) && is_callable($context)) {
$context = call_user_func($context, $data['node']);
}
if ($context) {


@ -326,7 +326,7 @@ class SSViewer_DataPresenter extends SSViewer_Scope
$override = $overrides[$property];
// Late-evaluate this value
if (is_callable($override)) {
if (!is_string($override) && is_callable($override)) {
$override = $override();
// Late override may yet return null


@ -109,6 +109,16 @@ class SSViewerTest extends SapphireTest
$this->assertEquals('Test partial template: var value', trim(preg_replace("/<!--.*-->/U", '', $result)));
}
/**
* Ensure global methods aren't executed
*/
public function testTemplateExecution()
{
$data = new ArrayData([ 'Var' => 'phpinfo' ]);
$result = $data->renderWith("SSViewerTestPartialTemplate");
$this->assertEquals('Test partial template: phpinfo', trim(preg_replace("/<!--.*-->/U", '', $result)));
}
public function testIncludeScopeInheritance()
{
$data = $this->getScopeInheritanceTestData();
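Review bot: The added testTemplateExecution covers only the SSViewer_DataPresenter change; the FixtureBlueprint, GridFieldDataColumns and MarkedSet guards changed in the same commit have no regression test, so a later revert of any of them to a bare `is_callable()` would go unnoticed. A test per site that supplies a plain string such as `'phpinfo'` (and, for MarkedSet, a string rather than an array) and asserts the value is stored or rendered verbatim would pin the fix the same way this one does for templates. The docblock could also say what is being guarded and name the advisory, e.g. `* Ensure a string value that happens to name a global function is rendered, not executed (ss-2018-006)`.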