projects / GitHub / WoltLab / WCF.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ad01a47) | patch
Always restrict valid template modifiers to an allow list
authorTim Düsterhus <duesterhus@woltlab.com>
Wed, 11 May 2022 12:32:19 +0000 (14:32 +0200)
committerTim Düsterhus <duesterhus@woltlab.com>
Wed, 11 May 2022 12:32:19 +0000 (14:32 +0200)
commitbfddcab778b25ece1136eaff4b688812495b96d5
treefc9b9f4e00cb2956fbe846809b5c8c99de9295bbtree | snapshot (tar.gz zip)
parentad01a4736689a08626bb3be7a621007c617b4f31commit | diff
Always restrict valid template modifiers to an allow list

Previously this allow list was only used in enterprise mode, but it is
generally a useful security feature. Thus the allow list previously known as
`$enterpriseFunctions` is applied in call cases.

This also makes it easier for developers, as there will be less differences
between the enterprise mode and the non-enterprise mode.

As before this allow list can easily be extended if a useful function is
missing from it.
wcfsetup/install/files/lib/system/template/TemplateScriptingCompiler.class.php diff | blob | blame | history
WoltLab Suite Core (previously WoltLab Community Framework)