[Phpgroupware-cvs] CVS: phpgroupware/doc inlinedocparser.php,1.27,1.28
From: |
Jason Wies <address@hidden> |
Subject: |
[Phpgroupware-cvs] CVS: phpgroupware/doc inlinedocparser.php,1.27,1.28 |
Date: |
Mon, 17 Feb 2003 14:32:28 -0500 |
Update of /cvsroot/phpgroupware/phpgroupware/doc
In directory subversions:/tmp/cvs-serv5698
Modified Files:
inlinedocparser.php
Log Message:
Add support for inline docs inside a comment block, add @required and @optional
detection, fix security problem with passing '..' in files[]
Index: inlinedocparser.php
===================================================================
RCS file: /cvsroot/phpgroupware/phpgroupware/doc/inlinedocparser.php,v
retrieving revision 1.27
retrieving revision 1.28
diff -C2 -r1.27 -r1.28
*** inlinedocparser.php 26 Jan 2002 23:26:32 -0000 1.27
--- inlinedocparser.php 17 Feb 2003 19:32:26 -0000 1.28
***************
*** 54,58 ****
function parseobject($input)
{
! $types =
array('abstract','param','example','syntax','result','description','discussion','author','copyright','package','access');
$new = explode("@",$input);
while (list($x,$y) = each($new))
--- 54,58 ----
function parseobject($input)
{
! $types =
array('abstract','param','example','syntax','result','description','discussion','author','copyright','package','access','required','optional');
$new = explode("@",$input);
while (list($x,$y) = each($new))
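Review bot: The `$types` list in `parseobject()` is an exact copy of the one in `parsesimpleobject()` (second hunk), and this commit had to add `'required','optional'` to both by hand. Defining the list once, for example in a small helper such as `doc_tag_types()` that both functions call, would keep the two parsers from drifting the next time a tag is added. Both function bodies continue outside their hunks.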
***************
*** 101,105 ****
function parsesimpleobject($input)
{
! $types =
array('abstract','param','example','syntax','result','description','discussion','author','copyright','package','access');
$input = ereg_replace ("@", "@#", $input);
$new = explode("@",$input);
--- 101,105 ----
function parsesimpleobject($input)
{
! $types =
array('abstract','param','example','syntax','result','description','discussion','author','copyright','package','access','required','optional');
$input = ereg_replace ("@", "@#", $input);
$new = explode("@",$input);
***************
*** 149,152 ****
--- 149,164 ----
\**************************************************************************/
+ /* Prevents passing files[]=../../../secret_file or files[]=/etc/passwd
*/
+ if (is_array($GLOBALS['files']))
+ {
+ while (list($p, $fn) = each ($GLOBALS['files']))
+ {
+ if (ereg('\.\.', $fn) || ereg('^/', $fn))
+ {
+ unset($GLOBALS['files'][$p]);
+ }
+ }
+ }
+
if (!isset($GLOBALS['HTTP_GET_VARS']['object_type']))
{
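Review bot: The added filter is a deny-list (`..` anywhere, or a leading `/`), so anything it does not name still passes: a non-string entry, a backslash-separated or drive-letter path on Windows, or a scheme-prefixed name if the later file open honours URL wrappers. An allow-list is safer: resolve each entry with `realpath()` against the directory the parser is meant to read, and drop it unless the result stays under that directory. The check also cleans only `$GLOBALS['files']`; the code that consumes the list is outside this hunk, so confirm it does not read `$GLOBALS['HTTP_GET_VARS']['files']` directly. The `each()` loop also leaves the array pointer at the end, so add `reset($GLOBALS['files']);` after it in case the later reader iterates with `each()` as well.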
***************
*** 292,295 ****
--- 304,308 ----
{
preg_match_all("#@(.*)$#sUi",$val[1],$data);
+ $data[1][0] = ereg_replace ("\n([[:space:]]+)\*",
"\n\\1", $data[1][0]);
$data[1][0] = ereg_replace ("@", "@#", $data[1][0]);
$returndata = parseobject($data[1][0], $fn);
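Review bot: The new `ereg_replace` pattern `"\n([[:space:]]+)\*"` needs at least one whitespace character before the `*`, so a comment block whose continuation lines start with `*` in column 0 keeps its asterisks and reaches `parseobject()` unchanged; `[[:space:]]*` would cover both layouts. It also strips a leading `*` from every line of the block, including lines of `@example` text, so a one-line comment such as `/* strip the leading '*' of comment-block lines before tag parsing */` would make that intent explicit. The enclosing loop starts and ends outside the hunk.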