On 27 January 2015 at 01:02, Hannes Magnusson <[email protected]> wrote:
> is this actually used anywhere? > Nope, the print_view() function isn't used anywhere in this repo, that I can see. I guess we could just nuke it. > > -Hannes > > > On Tue, Jan 20, 2015 at 1:10 PM, Peter Cowburn <[email protected]> wrote: > > Commit: 686c4181e35c1b248dd95d502524cdc11a86c6d4 > > Author: Anthony Ferrara <[email protected]> Tue, 20 Jan > 2015 16:10:19 -0500 > > Parents: a4d873b05f0ea8ec26327bcccc645f051e15ca18 > > Branches: master > > > > Link: > http://git.php.net/?p=web/php.git;a=commitdiff;h=686c4181e35c1b248dd95d502524cdc11a86c6d4 > > > > Log: > > Fix potential file-include vulnerability > > > > Fix potential file-include vulnerability by adding `EXTR_SKIP` to > extract so it doesn't overwrite `$params` array. > > > > Changed paths: > > M include/layout.inc > > > > > > Diff: > > diff --git a/include/layout.inc b/include/layout.inc > > index 4b7d29e..9fc583b 100644 > > --- a/include/layout.inc > > +++ b/include/layout.inc > > @@ -396,7 +396,7 @@ function print_view($templateName, array $params = > array()) { > > $path = $_SERVER['DOCUMENT_ROOT'] . '/views/' . $templateName; > > if(file_exists($path)) { > > if(!empty($params)) { > > - extract($params); > > + extract($params, EXTR_SKIP); > > } > > include_once $path; > > } > > > > > > -- > > PHP Webmaster List Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > >
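Review bot: On the changed `extract($params, EXTR_SKIP);` line, the variable that matters is `$path`, not `$params` as the log message says: `$path` is what reaches `include_once $path;`, so a `path` key in `$params` was the way to redirect the include, and the log should name it. The context line `$path = $_SERVER['DOCUMENT_ROOT'] . '/views/' . $templateName;` still concatenates `$templateName` unchecked, so the include target remains only as trustworthy as that argument; consider matching it against a list of known view names, or rejecting path separators and `..`, before the `file_exists()` call. `EXTR_SKIP` also drops colliding keys silently, so a view that expects its own `path`, `params` or `templateName` value would see the function's locals instead; `EXTR_PREFIX_ALL` with a fixed prefix would avoid both the collision and the silent skip.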
