Changeset 2258


Timestamp:
03/15/10 17:34:33 (14 years ago)
Author:
pedroerp
Message:

Ticket #609 - Atualizando e padronizando alguns comentários.

Location:
sandbox/workflow/branches/609/lib
Files:
2 edited

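--- a/sandbox/workflow/branches/609/lib/factory/ProcessWrapperFactory.php
+++ b/sandbox/workflow/branches/609/lib/factory/ProcessWrapperFactory.php
@@ -14,9 +14,9 @@
  * processes are updated and using our new static factory. The
  * only purpose of this class is to forward the calls to our
- * frontend factory class.
+ * frontend factory class. Formally, it's an Adapter Design Pattern.
  *
- * `<tag>`
- * `<tag>`
- * `<tag>`
+ * @package Factory
+ * @license http://www.gnu.org/copyleft/gpl.html GPL
+ * @author Pedro Eugênio Rocha - pedro.eugenio.rocha@gmail.com
  */
 class ProcessWrapperFactory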
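--- a/sandbox/workflow/branches/609/lib/security/Security.php
+++ b/sandbox/workflow/branches/609/lib/security/Security.php
@@ -43,5 +43,5 @@
          * Returns the current security mode.
          * @access public
-         * @return boolea
+         * @return boolean
          * @static
          */
@@ -87,5 +87,5 @@
          * For safe dir we mean that no process code exists under it.
          * The 'depth' parameter specifies the deepness of the file that
-         * we are validate. Default value is to validate the imediate
+         * we are validating. Default value is to validate the imediate
          * previous function.
          *
@@ -108,38 +108,4 @@
                 return false;
         }
-
-
-        /**
-         * This function do all the security stuff.
-         * Here we must define in which files we are able
-         * to change the security mode.
-         *
-         * @access private
-         * @return boolean
-         * @static
-         */
-        private static function _isAllowed() {
-                $backtrace = debug_backtrace();
-
-
-                /* $backtrace[1] specifies the imediate antecessor function */
-                $originFile = basename($backtrace[1]['file']);
-
-
-                /**
-                 * TODO - TODO - TODO - TODO
-                 * We all know that compare file names is a awful thing..
-                 * what makes it even worse is the fact that the file name
-                 * could contain double slashes (e.g. //) caused by wrong
-                 * concatenations. So we cannot compare the whole file path.
-                 * Moreover, if the process has a file named $allowedFile,
-                 * our security will eventually fail..
-                 *
-                 * Anyway, we should think in a better way to validate this...
-                 */
-                if (basename($originFile) == basename($allowedFile))
-                        return true;
-                return false;
-        }
 }
 ?>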
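Review bot: The removal of `_isAllowed()` in the last hunk (old lines 112–143) is not mentioned in the commit message, which speaks only of comment updates, so a change to the code that decided which files may switch the security mode goes unrecorded. The deleted body compared `basename()` values against `$allowedFile`, which is never assigned inside the function, and its own TODO calls the approach unreliable, so dropping it is probably right. What the page does not show is whether a `self::_isAllowed()` call remains elsewhere in the class, or which check now guards the mode change — presumably the safe-directory validation documented near line 87. I would confirm both and record the replacement in that docblock, e.g. `* Replaces the former _isAllowed() file-name comparison.` The added line 89 still reads `imediate`; `immediate` would complete the typo fix.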