Changeset 2258
- Timestamp: 03/15/10 17:34:33 (14 years ago)
- Location: sandbox/workflow/branches/609/lib
- Files: 2 edited
sandbox/workflow/branches/609/lib/factory/ProcessWrapperFactory.php
r2249 r2258 14 14 * processes are updated and using our new static factory. The 15 15 * only purpose of this class is to forward the calls to our 16 * frontend factory class. 16 * frontend factory class. Formally, it's an Adapter Design Pattern. 17 17 * 18 * `<tag>`19 * `<tag>`20 * `<tag>`18 * @package Factory 19 * @license http://www.gnu.org/copyleft/gpl.html GPL 20 * @author Pedro Eugênio Rocha - pedro.eugenio.rocha@gmail.com 21 21 */ 22 22 class ProcessWrapperFactory -
sandbox/workflow/branches/609/lib/security/Security.php
r2249 r2258 43 43 * Returns the current security mode. 44 44 * @access public 45 * @return boolea 45 * @return boolean 46 46 * @static 47 47 */ … … 87 87 * For safe dir we mean that no process code exists under it. 88 88 * The 'depth' parameter specifies the deepness of the file that 89 * we are validat e. Default value is to validate the imediate89 * we are validating. Default value is to validate the imediate 90 90 * previous function. 91 91 * … … 108 108 return false; 109 109 } 110 111 112 /**113 * This function do all the security stuff.114 * Here we must define in which files we are able115 * to change the security mode.116 *117 * @access private118 * @return boolean119 * @static120 */121 private static function _isAllowed() {122 $backtrace = debug_backtrace();123 124 125 /* $backtrace[1] specifies the imediate antecessor function */126 $originFile = basename($backtrace[1]['file']);127 128 129 /**130 * TODO - TODO - TODO - TODO131 * We all know that compare file names is a awful thing..132 * what makes it even worse is the fact that the file name133 * could contain double slashes (e.g. //) caused by wrong134 * concatenations. So we cannot compare the whole file path.135 * Moreover, if the process has a file named $allowedFile,136 * our security will eventually fail..137 *138 * Anyway, we should think in a better way to validate this...139 */140 if (basename($originFile) == basename($allowedFile))141 return true;142 return false;143 }144 110 } 145 111 ?>
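Review bot: in ProcessWrapperFactory.php, the new `@author` line (new line 20) writes the contact as "Name - address", while the phpDocumentor convention is `Name <address>`, so documentation tools will not recognise the e-mail part. In the same docblock, "Formally, it's an Adapter Design Pattern" (new line 16) would read better as "Formally, this is the Adapter design pattern."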
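Review bot: in Security.php, the docblock line rewritten at new line 89 still contains "imediate"; since this hunk already touches the line to fix "validat e", correct it to "immediate" in the same change. The sentence would also be clearer if it stated the default value of 'depth' explicitly instead of "validate the immediate previous function", because this parameter decides which caller's file is checked against the safe dir.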
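Review bot: the removal of `_isAllowed()` in Security.php (old lines 110-143) leaves no visible replacement for the check its docblock described, namely deciding which files may change the security mode. Dropping the body itself is sound: it compared `basename($originFile)` with `basename($allowedFile)`, `$allowedFile` is never assigned in the removed lines, and its own TODO concedes that a process file with the same name would pass. Please confirm that no `self::_isAllowed()` call remains in the class, and say in the commit message or the class docblock whether the safe-dir check documented around line 87 is meant to take over that role, so the mode switch is not left without a caller check.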