Further secure eval call in ConfigStaticManifest

It shouldn't be possible to get ConfigStaticManifest to parse
a user-uploaded file, and even if it were, it shouldn't be possible
to form PHP that token_get_all could parse which would end
up executing any code.

However, just in case it is, this changes the eval to assign to a
static, so the eval will give a syntax error if an attacker
manages to make $value look like `ls` or some other expression.
Hamish Friedlander 2013-03-13 12:42:48 +13:00
parent 53595dc930
commit d8a1df4312


@ -318,9 +318,17 @@ class SS_ConfigStaticManifest_Parser {
$this->statics[$class] = array(); $this->statics[$class] = array();
} }
$value = trim($value);
if ($value) {
$value = eval('static $temp = '.$value.";\n".'return $temp'.";\n");
}
else {
$value = null;
}
$this->statics[$class][$variable] = array( $this->statics[$class][$variable] = array(
'access' => $access, 'access' => $access,
'value' => eval('return '.trim($value).";\n") 'value' => $value
); );
if($token == ',') $this->parseStatic($access, $class); if($token == ',') $this->parseStatic($access, $class);