tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #59 from silverstripe-security/pulls/4.0/ss-2018-006

Browse Source 
[ss-2018-006] Prevent code execution in template value resolution
This commit is contained in:
Robbie Averill 2018-05-14 17:06:04 +12:00 committed by GitHub
commit 6f50728b18
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Dev/FixtureBlueprint.php
View File

@ -121,7 +121,7 @@ class FixtureBlueprint
continue; continue;
} }
if (is_callable($fieldVal)) { if (!is_string($fieldVal) && is_callable($fieldVal)) {
$obj->$fieldName = $fieldVal($obj, $data, $fixtures); $obj->$fieldName = $fieldVal($obj, $data, $fixtures);
} else { } else {
$obj->$fieldName = $fieldVal; $obj->$fieldName = $fieldVal;

2
src/Forms/GridField/GridFieldDataColumns.php
View File

@ -281,7 +281,7 @@ class GridFieldDataColumns implements GridField_ColumnProvider
} }
$spec = $this->fieldFormatting[$fieldName]; $spec = $this->fieldFormatting[$fieldName];
if (is_callable($spec)) { if (!is_string($spec) && is_callable($spec)) {
return $spec($value, $item); return $spec($value, $item);
} else { } else {
$format = str_replace('$value', "__VAL__", $spec); $format = str_replace('$value', "__VAL__", $spec);

2
src/ORM/Hierarchy/MarkedSet.php
View File

@ -333,7 +333,7 @@ class MarkedSet
$parentNode->setField('markingClasses', $this->markingClasses($data['node'])); $parentNode->setField('markingClasses', $this->markingClasses($data['node']));
// Evaluate custom context // Evaluate custom context
if (is_callable($context)) { if (!is_string($context) && is_callable($context)) {
$context = call_user_func($context, $data['node']); $context = call_user_func($context, $data['node']);
} }
if ($context) { if ($context) {

2
src/View/SSViewer_DataPresenter.php
View File

@ -326,7 +326,7 @@ class SSViewer_DataPresenter extends SSViewer_Scope
$override = $overrides[$property]; $override = $overrides[$property];
// Late-evaluate this value // Late-evaluate this value
if (is_callable($override)) { if (!is_string($override) && is_callable($override)) {
$override = $override(); $override = $override();
// Late override may yet return null // Late override may yet return null

10
tests/php/View/SSViewerTest.php
View File

@ -109,6 +109,16 @@ class SSViewerTest extends SapphireTest
$this->assertEquals('Test partial template: var value', trim(preg_replace("/<!--.*-->/U", '', $result))); $this->assertEquals('Test partial template: var value', trim(preg_replace("/<!--.*-->/U", '', $result)));
} }
/**
* Ensure global methods aren't executed
*/
public function testTemplateExecution()
{
$data = new ArrayData([ 'Var' => 'phpinfo' ]);
$result = $data->renderWith("SSViewerTestPartialTemplate");
$this->assertEquals('Test partial template: phpinfo', trim(preg_replace("/<!--.*-->/U", '', $result)));
}
public function testIncludeScopeInheritance() public function testIncludeScopeInheritance()
{ {
$data = $this->getScopeInheritanceTestData(); $data = $this->getScopeInheritanceTestData();