mirror of
https://github.com/phpbb/phpbb.git
synced 2025-07-31 14:00:31 +02:00
some tiny fixes.
git-svn-id: file:///svn/phpbb/trunk@6614 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
@@ -213,7 +213,6 @@ class p_master
|
||||
|
||||
/**
|
||||
* Check module authorisation
|
||||
* @todo Have a look at the eval statement and replace with other code...
|
||||
*/
|
||||
function module_auth($module_auth)
|
||||
{
|
||||
@@ -227,8 +226,38 @@ class p_master
|
||||
return true;
|
||||
}
|
||||
|
||||
// With the code below we make sure only those elements get eval'd we really want to be checked
|
||||
preg_match_all('/(?:
|
||||
"[^"\\\\]*(?:\\\\.[^"\\\\]*)*" |
|
||||
\'[^\'\\\\]*(?:\\\\.[^\'\\\\]*)*\' |
|
||||
[(),] |
|
||||
[^\s(),]+)/x', $module_auth, $match);
|
||||
|
||||
$tokens = $match[0];
|
||||
for ($i = 0, $size = sizeof($tokens); $i < $size; $i++)
|
||||
{
|
||||
$token = &$tokens[$i];
|
||||
|
||||
switch ($token)
|
||||
{
|
||||
case ')':
|
||||
case '(':
|
||||
case '&&':
|
||||
case '||':
|
||||
break;
|
||||
|
||||
default:
|
||||
if (!preg_match('#(?:acl_([a-z_]+)(,\$id)?)|(?:\$id)|(?:aclf_([a-z_]+))|(?:cfg_([a-z_]+))#', $token))
|
||||
{
|
||||
$token = '';
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
$module_auth = implode(' ', $tokens);
|
||||
|
||||
$is_auth = false;
|
||||
eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z_]+)#', '#cfg_([a-z_]+)#'), array('(int) $auth->acl_get("\\1"\\2)', '(int) $this->acl_forum_id', '(int) $auth->acl_getf_global("\\1")', '(int) $config["\\1"]'), $module_auth) . ');');
|
||||
eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z_]+)#', '#cfg_([a-z_]+)#'), array('(int) $auth->acl_get(\'\\1\'\\2)', '(int) $this->acl_forum_id', '(int) $auth->acl_getf_global(\'\\1\')', '(int) $config[\'\\1\']'), $module_auth) . ');');
|
||||
|
||||
return $is_auth;
|
||||
}
|
||||
|
Reference in New Issue
Block a user