mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
d8a1df4312
It shouldn't be possible to get ConfigStaticManifest to parse a user uploaded file, and if you could it shouldn't be possible to form PHP that token_get_all could parse which would end up executing any code. However, just in case it is, this changes the eval to assign to a static, so the eval will give a syntax error if an attacker manages to make $value look like `ls` or some other expression |
||
---|---|---|
manifest | ||
ArrayLib.php | ||
ClassInfo.php | ||
Config.php | ||
Convert.php | ||
Core.php | ||
DAG.php | ||
Diff.php | ||
Extension.php | ||
HTMLCleaner.php | ||
Object.php | ||
PaginatedList.php | ||
TempPath.php |