From c5536aac5752054f7f76e448d58b86407d8f574e Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 1 Nov 2012 17:33:58 +0200 Subject: Manually apply PR #1594 (fixing phpdoc page-level generation/warnings) Also partially fixes issue #1295, fixes inconsistencies in some page-level docblocks and adds include checks in language files. --- system/core/Common.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'system/core/Common.php') diff --git a/system/core/Common.php b/system/core/Common.php index 2dd31d3e9..3b7ea6ad4 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -1,4 +1,4 @@ - Date: Wed, 7 Nov 2012 14:23:29 +0200 Subject: Added function_usable() to common functions It is now used to check whether dangerous functions like eval() and exec() are available. It appears that the Suhosin extension (which is becoming popular) terminates script execution instead of returning e.g. FALSE when it has a function blacklisted. function_exists() checks are insufficient and our only option is to check the ini settings here. Filed an issue here: https://github.com/stefanesser/suhosin/issues/18 ... hopefully we'll be able to deal with this in a more elegant way in the future. (this commit supersedes PR #1809) --- system/core/Common.php | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) (limited to 'system/core/Common.php') diff --git a/system/core/Common.php b/system/core/Common.php index 3b7ea6ad4..aea5f1808 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -651,5 +651,52 @@ if ( ! function_exists('_stringify_attributes')) } } +// ------------------------------------------------------------------------ + +if ( ! function_exists('function_usable')) +{ + /** + * Function usable + * + * Executes a function_exists() check, and if the Suhosin PHP + * extension is loaded - checks whether the function that is + * checked might be disabled in there as well. + * + * This is useful as function_exists() will return FALSE for + * functions disabled via the *disable_functions* php.ini + * setting, but not for *suhosin.executor.func.blacklist* and + * *suhosin.executor.disable_eval*. These settings will just + * terminate script execution if a disabled function is executed. + * + * @link http://www.hardened-php.net/suhosin/ + * @param string $function_name Function to check for + * @return bool TRUE if the function exists and is safe to call, + * FALSE otherwise. + */ + function function_usable($function_name) + { + static $_suhosin_func_blacklist; + + if (function_exists($function_name)) + { + if ( ! isset($_suhosin_func_blacklist)) + { + $_suhosin_func_blacklist = extension_loaded('suhosin') + ? array() + : explode(',', trim(@ini_get('suhosin.executor.func.blacklist'))); + + if ( ! in_array('eval', $_suhosin_func_blacklist, TRUE) && @ini_get('suhosin.executor.disable_eval')) + { + $_suhosin_func_blacklist[] = 'eval'; + } + } + + return in_array($function_name, $_suhosin_func_blacklist, TRUE); + } + + return FALSE; + } +} + /* End of file Common.php */ /* Location: ./system/core/Common.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 0aeee85b5164e31e2a76c05caa97bd898c1a776d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 9 Nov 2012 17:43:11 +0200 Subject: Move the Log class to system/core/ It is a core class after all, I guess somebody forgot it when the rest of them were moved. --- system/core/Common.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Common.php') diff --git a/system/core/Common.php b/system/core/Common.php index aea5f1808..7feb16bfd 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -420,7 +420,7 @@ if ( ! function_exists('log_message')) return; } - $_log =& load_class('Log'); + $_log =& load_class('Log', 'core'); $_log->write_log($level, $message, $php_error); } } -- cgit v1.2.3-24-g4f1b