Skip to content
Permalink
Browse files

Fix string security issue for callable.

  • Loading branch information...
dereuromark committed Sep 25, 2017
1 parent 363b258 commit 6f643bc24a80c79b89cb7b13c8aa2d6f263426d4
Showing with 8 additions and 0 deletions.
  1. +8 −0 src/ORM/Behavior/CounterCacheBehavior.php
@@ -18,6 +18,7 @@
use Cake\Event\Event;
use Cake\ORM\Association;
use Cake\ORM\Behavior;
use RuntimeException;
/**
* CounterCache behavior
@@ -202,6 +203,7 @@ protected function _processAssociations(Event $event, EntityInterface $entity)
* @param \Cake\ORM\Association $assoc The association object
* @param array $settings The settings for for counter cache for this association
* @return void
* @throws \RuntimeException If invalid callable is passed.
*/
protected function _processAssociation(Event $event, EntityInterface $entity, Association $assoc, array $settings)
{
@@ -228,6 +230,9 @@ protected function _processAssociation(Event $event, EntityInterface $entity, As
}
if (is_callable($config)) {
if (is_string($config)) {
throw new RuntimeException('You must not use a string as callable.');
}
$count = $config($event, $entity, $this->_table, false);
} else {
$count = $this->_getCount($config, $countConditions);
@@ -237,6 +242,9 @@ protected function _processAssociation(Event $event, EntityInterface $entity, As
if (isset($updateOriginalConditions)) {
if (is_callable($config)) {
if (is_string($config)) {
throw new RuntimeException('You must not use a string as callable.');
}
$count = $config($event, $entity, $this->_table, true);
} else {
$count = $this->_getCount($config, $countOriginalConditions);

0 comments on commit 6f643bc

Please sign in to comment.
You can’t perform that action at this time.