FIX: Use isolated scope when requiring files for module activation

This commit is contained in:
Loz Calver 2017-10-18 09:59:46 +01:00 committed by Christopher Joe
parent e9e7bd649e
commit bb9501797f

View File

@ -158,7 +158,7 @@ class Module implements Serializable
{
$config = "{$this->path}/_config.php";
if (file_exists($config)) {
require_once $config;
requireFile($config);
}
}
@ -247,3 +247,15 @@ class Module implements Serializable
->exists();
}
}
/**
* Scope isolated require - prevents access to $this, and prevents module _config.php
* files potentially leaking variables. Required argument $file is commented out
* to avoid leaking that into _config.php
*
* @param string $file
*/
function requireFile()
{
require_once func_get_arg(0);
}