aboutsummaryrefslogtreecommitdiff
path: root/engine
diff options
context:
space:
mode:
authoricewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-06-02 15:17:42 +0000
committericewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-06-02 15:17:42 +0000
commitaa9cbc871f7683ae6238dcfaca18e2235d35e83d (patch)
tree08ba8ac5a6a6e295fc9aaa738a155f593ea0bf44 /engine
parente06d41575c5d9a00378e69355a3467143ac68456 (diff)
downloadelgg-aa9cbc871f7683ae6238dcfaca18e2235d35e83d.tar.gz
elgg-aa9cbc871f7683ae6238dcfaca18e2235d35e83d.tar.bz2
Marcus Povey <marcus@dushka.co.uk>
* Path check no longer an event, forces path check git-svn-id: https://code.elgg.org/elgg/trunk@773 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/elgglib.php30
1 files changed, 17 insertions, 13 deletions
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index a185d8c4e..ed58e9351 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -1126,19 +1126,24 @@
*/
function execute_privileged_codeblock($function, array $params = null)
{
- // Test to see if we can actually execute code by calling any other functions
- if (trigger_event("execute_privileged_codeblock", "all"))
+ // Test path first
+ if (can_path_execute_privileged_codeblock())
{
- // Execute
- $result = null;
-
- if (is_array($function))
- $result = $function[0]->$function[1]($params);
- else
- $result = $function($params);
- // Return value
- return $result;
+ // Test to see if we can actually execute code by calling any other functions
+ if (trigger_event("execute_privileged_codeblock", "all"))
+ {
+ // Execute
+ $result = null;
+
+ if (is_array($function))
+ $result = $function[0]->$function[1]($params);
+ else
+ $result = $function($params);
+
+ // Return value
+ return $result;
+ }
}
throw new SecurityException("Denied access to execute privileged code block");
@@ -1147,9 +1152,8 @@
/**
* Validate that a given path has privileges to execute a piece of privileged code.
*
- * TODO: Is this safe to execute as an event?
*/
- function epc_validate_path($event, $object_type, $object)
+ function can_path_execute_privileged_codeblock()
{
global $CONFIG;