mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
FIX: Use isolated scope when requiring files for module activation
This commit is contained in:
parent
e9e7bd649e
commit
bb9501797f
@ -158,7 +158,7 @@ class Module implements Serializable
|
||||
{
|
||||
$config = "{$this->path}/_config.php";
|
||||
if (file_exists($config)) {
|
||||
require_once $config;
|
||||
requireFile($config);
|
||||
}
|
||||
}
|
||||
|
||||
@ -247,3 +247,15 @@ class Module implements Serializable
|
||||
->exists();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Scope isolated require - prevents access to $this, and prevents module _config.php
|
||||
* files potentially leaking variables. Required argument $file is commented out
|
||||
* to avoid leaking that into _config.php
|
||||
*
|
||||
* @param string $file
|
||||
*/
|
||||
function requireFile()
|
||||
{
|
||||
require_once func_get_arg(0);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user