Merge pull request #59 from silverstripe-security/pulls/4.0/ss-2018-006
[ss-2018-006] Prevent code execution in template value resolution
commit
6f50728b18
@ -121,7 +121,7 @@ class FixtureBlueprint
|
||||
continue;
|
||||
}
|
||||
|
||||
if (is_callable($fieldVal)) {
|
||||
if (!is_string($fieldVal) && is_callable($fieldVal)) {
|
||||
$obj->$fieldName = $fieldVal($obj, $data, $fixtures);
|
||||
} else {
|
||||
$obj->$fieldName = $fieldVal;
|
||||
|
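Review bot: The added guard on the `if` line still accepts array callables: `is_callable` returns true for a two-element `[class, method]` array, so a value that arrives as an array rather than a string is still invoked on the following line. If only closures and invokable objects are meant to be late-evaluated here, the narrower check is `if (is_object($fieldVal) && is_callable($fieldVal)) {`, which keeps Closure support and rejects both strings and arrays. The same `!is_string(...) && is_callable(...)` pattern is applied in the GridFieldDataColumns, MarkedSet and SSViewer_DataPresenter hunks below and would benefit from the same narrowing; whether array-typed values can reach those call sites depends on the callers, which are outside the hunks. The enclosing method continues outside the hunk on both sides.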
@ -281,7 +281,7 @@ class GridFieldDataColumns implements GridField_ColumnProvider
|
||||
}
|
||||
|
||||
$spec = $this->fieldFormatting[$fieldName];
|
||||
if (is_callable($spec)) {
|
||||
if (!is_string($spec) && is_callable($spec)) {
|
||||
return $spec($value, $item);
|
||||
} else {
|
||||
$format = str_replace('$value', "__VAL__", $spec);
|
||||
|
@ -333,7 +333,7 @@ class MarkedSet
|
||||
$parentNode->setField('markingClasses', $this->markingClasses($data['node']));
|
||||
|
||||
// Evaluate custom context
|
||||
if (is_callable($context)) {
|
||||
if (!is_string($context) && is_callable($context)) {
|
||||
$context = call_user_func($context, $data['node']);
|
||||
}
|
||||
if ($context) {
|
||||
|
@ -326,7 +326,7 @@ class SSViewer_DataPresenter extends SSViewer_Scope
|
||||
$override = $overrides[$property];
|
||||
|
||||
// Late-evaluate this value
|
||||
if (is_callable($override)) {
|
||||
if (!is_string($override) && is_callable($override)) {
|
||||
$override = $override();
|
||||
|
||||
// Late override may yet return null
|
||||
|
@ -109,6 +109,16 @@ class SSViewerTest extends SapphireTest
|
||||
$this->assertEquals('Test partial template: var value', trim(preg_replace("/<!--.*-->/U", '', $result)));
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensure global methods aren't executed
|
||||
*/
|
||||
public function testTemplateExecution()
|
||||
{
|
||||
$data = new ArrayData([ 'Var' => 'phpinfo' ]);
|
||||
$result = $data->renderWith("SSViewerTestPartialTemplate");
|
||||
$this->assertEquals('Test partial template: phpinfo', trim(preg_replace("/<!--.*-->/U", '', $result)));
|
||||
}
|
||||
|
||||
public function testIncludeScopeInheritance()
|
||||
{
|
||||
$data = $this->getScopeInheritanceTestData();
|
||||
|
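Review bot: The new testTemplateExecution exercises only the SSViewer_DataPresenter path; the equivalent guards changed in FixtureBlueprint, GridFieldDataColumns and MarkedSet in this commit have no regression test, so a later refactor of those checks could reintroduce string-callable evaluation without failing the suite. A sibling test per class asserting that a string value naming a global function is assigned or returned verbatim would pin the fix. The docblock `* Ensure global methods aren't executed` describes a global function rather than a method, so `* Ensure string values naming global functions are not executed as callables` would be more precise. testIncludeScopeInheritance continues outside the hunk.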