Marcus Povey <marcus@dushka.co.uk>

* Path check no longer an event, forces path check

git-svn-id: https://code.elgg.org/elgg/trunk@773 36083f99-b078-4883-b0ff-0f9b5a30f544

1 files changed, 17 insertions, 13 deletions

diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index a185d8c4e..ed58e9351 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -1126,19 +1126,24 @@
 	 */
 	function execute_privileged_codeblock($function, array $params = null)
 	{
-		// Test to see if we can actually execute code by calling any other functions
-		if (trigger_event("execute_privileged_codeblock", "all"))
+		// Test path first
+		if (can_path_execute_privileged_codeblock())
 		{
-			// Execute
-			$result = null;
-			
-			if (is_array($function))
-				$result = $function[0]->$function[1]($params);
-			else
-				$result = $function($params);	
 
-			// Return value
-			return $result;
+			// Test to see if we can actually execute code by calling any other functions
+			if (trigger_event("execute_privileged_codeblock", "all"))
+			{
+				// Execute
+				$result = null;
+				
+				if (is_array($function))
+					$result = $function[0]->$function[1]($params);
+				else
+					$result = $function($params);	
+	
+				// Return value
+				return $result;
+			}
 		}
 		
 		throw new SecurityException("Denied access to execute privileged code block");
@@ -1147,9 +1152,8 @@
 	/**
 	 * Validate that a given path has privileges to execute a piece of privileged code.
 	 * 
-	 * TODO: Is this safe to execute as an event?
 	 */
-	function epc_validate_path($event, $object_type, $object)
+	function can_path_execute_privileged_codeblock()
 	{
 		global $CONFIG;