diff options
| author | Dries Buytaert <dries@buytaert.net> | 2010-11-19 20:35:31 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2010-11-19 20:35:31 +0000 |
| commit | 203b6a88b2666352f2ed5d241b4ad738fde1e9bd (patch) | |
| tree | 338c2036c2fc84db297110e3775bb110b0cef002 /includes | |
| parent | 2b2f2796ce6553ce9b83735eab12afb5f5a4f0c7 (diff) | |
| download | brdo-203b6a88b2666352f2ed5d241b4ad738fde1e9bd.tar.gz brdo-203b6a88b2666352f2ed5d241b4ad738fde1e9bd.tar.bz2 | |
- Patch #944198 by sun: functions that call drupal_system_listing() act on potentially invalid system items.
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/bootstrap.inc | 9 | ||||
| -rw-r--r-- | includes/install.inc | 2 | ||||
| -rw-r--r-- | includes/menu.inc | 3 | ||||
| -rw-r--r-- | includes/module.inc | 2 |
4 files changed, 11 insertions, 5 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc index 833d3e0b8..256121c3e 100644 --- a/includes/bootstrap.inc +++ b/includes/bootstrap.inc @@ -241,6 +241,13 @@ define('REGISTRY_RESET_LOOKUP_CACHE', 1); define('REGISTRY_WRITE_LOOKUP_CACHE', 2); /** + * Regular expression to match PHP function names. + * + * @see http://php.net/manual/en/language.functions.php + */ +define('DRUPAL_PHP_FUNCTION_PATTERN', '[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*'); + +/** * Start the timer with the specified name. If you start and stop the same * timer multiple times, the measured intervals will be accumulated. * @@ -703,7 +710,7 @@ function drupal_get_filename($type, $name, $filename = NULL) { // extension, not just the file we are currently looking for. This // prevents unnecessary scans from being repeated when this function is // called more than once in the same page request. - $matches = drupal_system_listing("/\.$extension$/", $dir, 'name', 0); + $matches = drupal_system_listing("/^" . DRUPAL_PHP_FUNCTION_PATTERN . "\.$extension$/", $dir, 'name', 0); foreach ($matches as $matched_name => $file) { $files[$type][$matched_name] = $file->uri; } diff --git a/includes/install.inc b/includes/install.inc index 5f16c018b..3c51dc123 100644 --- a/includes/install.inc +++ b/includes/install.inc @@ -551,7 +551,7 @@ function drupal_verify_profile($install_state) { // Get a list of modules that exist in Drupal's assorted subdirectories. $present_modules = array(); - foreach (drupal_system_listing('/\.module$/', 'modules', 'name', 0) as $present_module) { + foreach (drupal_system_listing('/^' . DRUPAL_PHP_FUNCTION_PATTERN . '\.module$/', 'modules', 'name', 0) as $present_module) { $present_modules[] = $present_module->name; } diff --git a/includes/menu.inc b/includes/menu.inc index 9eb248c1b..9d3fef979 100644 --- a/includes/menu.inc +++ b/includes/menu.inc @@ -3309,8 +3309,7 @@ function _menu_router_build($callbacks) { $match = FALSE; // Look for wildcards in the form allowed to be used in PHP functions, // because we are using these to construct the load function names. - // See http://php.net/manual/en/language.functions.php for reference. - if (preg_match('/^%(|[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)$/', $part, $matches)) { + if (preg_match('/^%(|' . DRUPAL_PHP_FUNCTION_PATTERN . ')$/', $part, $matches)) { if (empty($matches[1])) { $match = TRUE; $load_functions[$k] = NULL; diff --git a/includes/module.inc b/includes/module.inc index 40396b101..b00156d19 100644 --- a/includes/module.inc +++ b/includes/module.inc @@ -786,7 +786,7 @@ function module_invoke_all() { * Array of modules required by core. */ function drupal_required_modules() { - $files = drupal_system_listing('/\.info$/', 'modules', 'name', 0); + $files = drupal_system_listing('/^' . DRUPAL_PHP_FUNCTION_PATTERN . '\.info$/', 'modules', 'name', 0); $required = array(); // An install profile is required and one must always be loaded. |