Changeset 2258 for sandbox/workflow/branches/609/lib/security/Security.php
- Timestamp:
- 03/15/10 17:34:33 (14 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
sandbox/workflow/branches/609/lib/security/Security.php
r2249 r2258 43 43 * Returns the current security mode. 44 44 * @access public 45 * @return boolea 45 * @return boolean 46 46 * @static 47 47 */ … … 87 87 * For safe dir we mean that no process code exists under it. 88 88 * The 'depth' parameter specifies the deepness of the file that 89 * we are validat e. Default value is to validate the imediate89 * we are validating. Default value is to validate the imediate 90 90 * previous function. 91 91 * … … 108 108 return false; 109 109 } 110 111 112 /**113 * This function do all the security stuff.114 * Here we must define in which files we are able115 * to change the security mode.116 *117 * @access private118 * @return boolean119 * @static120 */121 private static function _isAllowed() {122 $backtrace = debug_backtrace();123 124 125 /* $backtrace[1] specifies the imediate antecessor function */126 $originFile = basename($backtrace[1]['file']);127 128 129 /**130 * TODO - TODO - TODO - TODO131 * We all know that compare file names is a awful thing..132 * what makes it even worse is the fact that the file name133 * could contain double slashes (e.g. //) caused by wrong134 * concatenations. So we cannot compare the whole file path.135 * Moreover, if the process has a file named $allowedFile,136 * our security will eventually fail..137 *138 * Anyway, we should think in a better way to validate this...139 */140 if (basename($originFile) == basename($allowedFile))141 return true;142 return false;143 }144 110 } 145 111 ?>
Note: See TracChangeset
for help on using the changeset viewer.