mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-07-26 08:50:30 +02:00
Code Issues Projects Releases Wiki Activity

MDL-70920 core: prevent calls to call_user_fun_array() with assoc array

Browse Source
This commit is contained in:
Marina Glancy
2021-02-18 11:49:43 +01:00
parent 7b003c04a8
commit f4fb91aecb
4 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/classes/shutdown_manager.php
View File

@@ -144,7 +144,7 @@ class core_shutdown_manager {
error_log('Invalid custom shutdown function detected '.var_export($callback, true));
// @codingStandardsIgnoreEnd
}
self::$callbacks[] = [$callback, $params ?? []];
self::$callbacks[] = [$callback, $params ? array_values($params) : []];
}
/**

2
lib/ddl/sql_generator.php
View File

@@ -1237,7 +1237,7 @@ abstract class sql_generator {
}
// Now call the standard $DB->sql_concat() DML function
return call_user_func_array(array($this->mdb, 'sql_concat'), $elements);
return call_user_func_array(array($this->mdb, 'sql_concat'), array_values($elements));
}
/**

2
lib/dml/sqlsrv_native_moodle_database.php
View File

@@ -1426,7 +1426,7 @@ class sqlsrv_native_moodle_database extends moodle_database {
for ($n = count($elements) - 1; $n > 0; $n--) {
array_splice($elements, $n, 0, $separator);
}
return call_user_func_array(array($this, 'sql_concat'), $elements);
return call_user_func_array(array($this, 'sql_concat'), array_values($elements));
}
public function sql_isempty($tablename, $fieldname, $nullablefield, $textfield) {

10
lib/moodlelib.php
View File

@@ -8062,6 +8062,16 @@ function component_callback($component, $function, array $params = array(), $def
$functionname = component_callback_exists($component, $function);
if ($params && (array_keys($params) !== range(0, count($params) - 1))) {
// PHP 8 allows to have associative arrays in the call_user_func_array() parameters but
// PHP 7 does not. Using associative arrays can result in different behavior in different PHP versions.
// See https://php.watch/versions/8.0/named-parameters#named-params-call_user_func_array
// This check can be removed when minimum PHP version for Moodle is raised to 8.
debugging('Parameters array can not be an associative array while Moodle supports both PHP 7 and PHP 8.',
DEBUG_DEVELOPER);
$params = array_values($params);
}
if ($functionname) {
// Function exists, so just return function result.
$ret = call_user_func_array($functionname, $params);