diff options
author | icewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-06-02 15:17:42 +0000 |
---|---|---|
committer | icewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-06-02 15:17:42 +0000 |
commit | aa9cbc871f7683ae6238dcfaca18e2235d35e83d (patch) | |
tree | 08ba8ac5a6a6e295fc9aaa738a155f593ea0bf44 /engine | |
parent | e06d41575c5d9a00378e69355a3467143ac68456 (diff) | |
download | elgg-aa9cbc871f7683ae6238dcfaca18e2235d35e83d.tar.gz elgg-aa9cbc871f7683ae6238dcfaca18e2235d35e83d.tar.bz2 |
Marcus Povey <marcus@dushka.co.uk>
* Path check no longer an event, forces path check
git-svn-id: https://code.elgg.org/elgg/trunk@773 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine')
-rw-r--r-- | engine/lib/elgglib.php | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php index a185d8c4e..ed58e9351 100644 --- a/engine/lib/elgglib.php +++ b/engine/lib/elgglib.php @@ -1126,19 +1126,24 @@ */ function execute_privileged_codeblock($function, array $params = null) { - // Test to see if we can actually execute code by calling any other functions - if (trigger_event("execute_privileged_codeblock", "all")) + // Test path first + if (can_path_execute_privileged_codeblock()) { - // Execute - $result = null; - - if (is_array($function)) - $result = $function[0]->$function[1]($params); - else - $result = $function($params); - // Return value - return $result; + // Test to see if we can actually execute code by calling any other functions + if (trigger_event("execute_privileged_codeblock", "all")) + { + // Execute + $result = null; + + if (is_array($function)) + $result = $function[0]->$function[1]($params); + else + $result = $function($params); + + // Return value + return $result; + } } throw new SecurityException("Denied access to execute privileged code block"); @@ -1147,9 +1152,8 @@ /** * Validate that a given path has privileges to execute a piece of privileged code. * - * TODO: Is this safe to execute as an event? */ - function epc_validate_path($event, $object_type, $object) + function can_path_execute_privileged_codeblock() { global $CONFIG; |