Commit Graph

11 Commits

Author SHA1 Message Date
Hamish Friedlander
47edbfe8fc FIX ConfigStaticManifest persisting access level after parsing a static 2013-03-22 14:26:48 +13:00
Ingo Schommer
8629985115 Mark private static deprecation notice for 3.2
Its too intrusive for 3.1 at the moment
2013-03-19 10:39:11 +01:00
Hamish Friedlander
beafcf38db Don't use Zend_Cache in manifests
The overhead of Zend_Cache in manifests is too high - we don't
need LRU or tags, just somewhere to dump a bunch of data that
persists

You can replace the class used by defining SS_MANIFESTCACHE
to be a class that implements the ManifestCache interface
(we can't use the Config system to set this, as it isn't
initialised yet).
2013-03-14 12:07:07 +13:00
Hamish Friedlander
d8a1df4312 Further secure eval call in ConfigStaticManifest
It shouldnt be possible to get ConfigStaticManifest to parse
a user uploaded file, and if you could it shouldnt be possible
to form PHP that token_get_all could parse which would end
up executing any code.

However just in case it is, this changes the eval to assign to a
static, so the eval will give a syntax error if an attacker
manages to make $value look like `ls` or some other expression
2013-03-13 12:42:48 +13:00
Hamish Friedlander
53595dc930 FIX Parsing docblock comments in ConfigStaticManifest 2013-03-13 11:59:49 +13:00
Hamish Friedlander
60b72edfba FIX Parsing heredoc, nowdoc & comments in ConfigStaticManifest 2013-03-13 11:26:49 +13:00
Hamish Friedlander
e6352dffbb FIX Static polution with informational fields 2013-03-12 17:14:12 +13:00
Hamish Friedlander
7f58730904 FIX Avoid get_parent_class in ConfigStaticManifest (was loading all classes) 2013-03-12 16:52:11 +13:00
Hamish Friedlander
943b5cf3a4 Remove debug message, any still unexpected token is an error 2013-03-12 15:40:12 +13:00
Hamish Friedlander
a6f1a200b6 Some micro-optimisations for Config 2013-03-04 09:25:23 +13:00
Hamish Friedlander
6b986cb17d Extract statics via code analysis rather than introspection 2013-02-28 09:43:33 +13:00