aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
authoricewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-06-02 11:47:01 +0000
committericewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-06-02 11:47:01 +0000
commitb4d8eccb0ef06eee437dd873c8a8fe5751cbcef8 (patch)
tree60e00b63cadf7e828c93eb2c27439180aa08375a /engine/lib
parent2c0c9692dd4efef01f6f65bb31d1ef2d159633e6 (diff)
downloadelgg-b4d8eccb0ef06eee437dd873c8a8fe5751cbcef8.tar.gz
elgg-b4d8eccb0ef06eee437dd873c8a8fe5751cbcef8.tar.bz2
Marcus Povey <marcus@dushka.co.uk>
* Privileged path check to privileged function execution. ... i really don't like this exception stuff. I think it would be better to say that you can't access stuff you can't access. git-svn-id: https://code.elgg.org/elgg/trunk@767 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/elgglib.php50
1 files changed, 22 insertions, 28 deletions
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index b2defab52..fc7627888 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -1123,13 +1123,9 @@
*/
function execute_privileged_codeblock($function, array $params = null)
{
- // Test to see if we can actually execute code
+ // Test to see if we can actually execute code by calling any other functions
if (trigger_event("execute_privileged_codeblock", "all"))
{
-
-
- // Elevate privilege
-
// Execute
$result = null;
@@ -1138,43 +1134,41 @@
else
$result = $function($params);
- // return privilege
-
-
// Return value
return $result;
}
- else
- throw new SecurityException("Denied access to execute privileged code block");
+
+ throw new SecurityException("Denied access to execute privileged code block");
}
/**
* Validate that a given path has privileges to execute a piece of privileged code.
+ *
+ * TODO: Is this safe to execute as an event?
*/
function epc_validate_path($event, $object_type, $object)
{
+ global $CONFIG;
+
+ // Get a list of paths
+ $callstack = debug_backtrace();
+ $call_paths = array();
+ foreach ($callstack as $call)
+ $call_paths[] = sanitise_string($call['path']);
+
+ // Get privileged paths
+ $paths = get_data("SELECT * from {$CONFIG->dbprefix}privileged_paths");
+ foreach ($paths as $p)
+ {
+ if (in_array($CONFIG->path . "$p", $call_paths))
+ return true;
+ }
+
return false;
}
/// Register path evaluator
- //register_event_handler('execute_privileged_codeblock', 'all', 'epc_validate_path', 1);
-
+ register_event_handler('execute_privileged_codeblock', 'all', 'epc_validate_path', 1);
-
- // get admin user funciton
-
- // register privileged code block
-
-
- // check for plugin function - use reflection to make sure that function is permitted to execute code as privileged
- // Ensure that function can only be called from same dir tree -- compare where i'm called from to where function is.
- // check for user function
-
- // execute privileged code block
- // trigger check event
- // if ok then
- // swap user
- // execute
- // swap user
?> \ No newline at end of file