tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-06-28 23:49:26 +02:00
Code Issues Projects Releases Wiki Activity

FIX: Use isolated scope when requiring files for module activation

Browse Source
This commit is contained in:
Loz Calver 2017-10-18 09:59:46 +01:00 committed by Christopher Joe
parent e9e7bd649e
commit bb9501797f
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/Core/Manifest/Module.php
View File

@ -158,7 +158,7 @@ class Module implements Serializable
{
$config = "{$this->path}/_config.php";
if (file_exists($config)) {
require_once $config;
requireFile($config);
}
}
@ -247,3 +247,15 @@ class Module implements Serializable
->exists();
}
}
/**
* Scope isolated require - prevents access to $this, and prevents module _config.php
* files potentially leaking variables. Required argument $file is commented out
* to avoid leaking that into _config.php
*
* @param string $file
*/
function requireFile()
{
require_once func_get_arg(0);
}