1
0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 14:00:31 +02:00

some tiny fixes.

git-svn-id: file:///svn/phpbb/trunk@6614 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2006-11-19 21:00:48 +00:00
parent f782890332
commit 6a08242684
9 changed files with 44 additions and 25 deletions

View File

@@ -213,7 +213,6 @@ class p_master
/**
* Check module authorisation
* @todo Have a look at the eval statement and replace with other code...
*/
function module_auth($module_auth)
{
@@ -227,8 +226,38 @@ class p_master
return true;
}
// With the code below we make sure only those elements get eval'd we really want to be checked
preg_match_all('/(?:
"[^"\\\\]*(?:\\\\.[^"\\\\]*)*" |
\'[^\'\\\\]*(?:\\\\.[^\'\\\\]*)*\' |
[(),] |
[^\s(),]+)/x', $module_auth, $match);
$tokens = $match[0];
for ($i = 0, $size = sizeof($tokens); $i < $size; $i++)
{
$token = &$tokens[$i];
switch ($token)
{
case ')':
case '(':
case '&&':
case '||':
break;
default:
if (!preg_match('#(?:acl_([a-z_]+)(,\$id)?)|(?:\$id)|(?:aclf_([a-z_]+))|(?:cfg_([a-z_]+))#', $token))
{
$token = '';
}
break;
}
}
$module_auth = implode(' ', $tokens);
$is_auth = false;
eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z_]+)#', '#cfg_([a-z_]+)#'), array('(int) $auth->acl_get("\\1"\\2)', '(int) $this->acl_forum_id', '(int) $auth->acl_getf_global("\\1")', '(int) $config["\\1"]'), $module_auth) . ');');
eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z_]+)#', '#cfg_([a-z_]+)#'), array('(int) $auth->acl_get(\'\\1\'\\2)', '(int) $this->acl_forum_id', '(int) $auth->acl_getf_global(\'\\1\')', '(int) $config[\'\\1\']'), $module_auth) . ');');
return $is_auth;
}