silverstripe-framework/core/manifest
Hamish Friedlander d8a1df4312 Further secure eval call in ConfigStaticManifest
It shouldnt be possible to get ConfigStaticManifest to parse
a user uploaded file, and if you could it shouldnt be possible
to form PHP that token_get_all could parse which would end
up executing any code.

However just in case it is, this changes the eval to assign to a
static, so the eval will give a syntax error if an attacker
manages to make $value look like `ls` or some other expression
2013-03-13 12:42:48 +13:00
..
ClassLoader.php ENHANCEMENT Added $exclusive flag to SS_ClassLoader->pushManifest() to allow for multiple manifests co-existing (useful for tests which rely on core classes but also want to test their own manifests) 2012-04-15 17:17:15 +02:00
ClassManifest.php MINOR: Remove checks for PHP < 5.3.2, as it's no longer supported 2012-04-18 10:38:09 +12:00
ConfigManifest.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
ConfigStaticManifest.php Further secure eval call in ConfigStaticManifest 2013-03-13 12:42:48 +13:00
ManifestFileFinder.php MINOR Update @package values to match renaming sapphire 2012-04-15 10:50:19 +12:00
TemplateLoader.php API Explicitly load project template files after modules 2012-12-04 10:47:37 +01:00
TemplateManifest.php API Explicitly load project template files after modules 2012-12-04 10:47:37 +01:00
TokenisedRegularExpression.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00