Fixed a security bug.

commit 029d979316fbcb79faa7597e5981455350099af7 1 parent bc96258
Hong Minhee dahlia authored
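--- a/Lisphp/List.php
+++ b/Lisphp/List.php
@@ -7,7 +7,7 @@ class Lisphp_List extends ArrayObject implements Lisphp_Form {
 function evaluate(Lisphp_Scope $scope) {
 $function = $this->car()->evaluate($scope);
 $applicable = $function instanceof Lisphp_Applicable;
-if (is_callable($function)) {
+if (is_callable($function) && is_object($function)) {
 $parameters = array();
 foreach ($this->cdr() as $arg) {
 $parameters[] = $arg->evaluate($scope);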
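Review bot: The new condition in evaluate() calls `is_callable($function)` before `is_object($function)`, so a string or array value is still resolved as a callable name before it is refused. For a `Class::method` style string, that lookup can run a registered autoloader with a class name taken from the Lisp source. Put the type test first, `if (is_object($function) && is_callable($function)) {`, and make the same swap in the `else if` of Lisphp_Runtime_Function::call. A short comment such as `// object callables only: a string or array could name any PHP function` would record why the extra check exists. evaluate()'s body continues past the end of the hunk.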
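--- a/Lisphp/Runtime/Function.php
+++ b/Lisphp/Runtime/Function.php
@@ -9,7 +9,9 @@ class Lisphp_Runtime_Function implements Lisphp_Applicable {
 
 static function call($func, array $args) {
 if ($func instanceof self) return $func->execute($args);
-else if (is_callable($func)) return call_user_func_array($func, $args);
+else if (is_callable($func) && is_object($func)) {
+return call_user_func_array($func, $args);
+}
 throw new InvalidArgumentException('expected callable value');
 }
 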
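Review bot: The exception text at the end of call() no longer describes what is rejected. After this change a string such as 'trim' is a callable in PHP terms, yet it still ends in `InvalidArgumentException('expected callable value')`. Wording like `'expected a callable object'` would tell the caller why a function name was refused. A one-line comment above the `else if`, saying that string and array callables are refused on purpose, would keep a later cleanup from dropping the `is_object` test.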
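--- a/Lisphp/Test/ListTest.php
+++ b/Lisphp/Test/ListTest.php
@@ -20,6 +20,12 @@ function testInvalidApplication() {
 $this->list->evaluate(new Lisphp_Scope);
 }
 
+function testInvalidApplication2() {
+$this->setExpectedException('InvalidApplicationException');
+$l = Lisphp_Parser::parseForm('("trim" " hello ")', $_);
+$l->evaluate(new Lisphp_Scope);
+}
+
 function testEvaluate() {
 $scope = new Lisphp_Scope;
 $scope['define'] = new Lisphp_Runtime_Define;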
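Review bot: The name `testInvalidApplication2` does not say what the new test guards, although it is the regression test for the security fix. A name such as `testStringNamingPhpFunctionIsNotApplied`, or a leading comment like `// a string in head position must not be called as a PHP function`, would make the intent clear to whoever next touches evaluate(). The `$_` argument is used only as a throwaway by-reference slot, which a short comment could also state.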
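--- a/Lisphp/Test/RuntimeTest.php
+++ b/Lisphp/Test/RuntimeTest.php
@@ -204,8 +204,12 @@ function testGenericCall() {
 array(1, 2)
 );
 $this->assertEquals(3, $val);
-$val = Lisphp_Runtime_Function::call('trim', array(' hello '));
-$this->assertEquals('hello', $val);
+try {
+Lisphp_Runtime_Function::call('trim', array('a'));
+$this->fail();
+} catch (InvalidArgumentException $e) {
+# pass
+}
 try {
 Lisphp_Runtime_Function::call(1, array());
 $this->fail();
@@ -214,6 +218,15 @@ function testGenericCall() {
 }
 }
 
+function testGenericCall530() {
+if (version_compare(phpversion(), '5.3.0', '<')) {
+$this->markTestSkipped('PHP version is less than 5.3.0.');
+}
+eval('$f = function($a, $b) { return $a + $b; };');
+$val = Lisphp_Runtime_Function::call($f, array(1, 2));
+$this->assertEquals(3, $val);
+}
+
 function testApply() {
 $apply = new Lisphp_Runtime_Apply;
 $add = new Lisphp_Runtime_Arithmetic_Addition;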
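Review bot: The rewritten block in testGenericCall pins only the string form of a non-object callable. The array form (`array('Class', 'method')`), which `is_callable` also accepts, has no case, so a later change that loosens the check to "not a string" would still pass. A second try/catch around `Lisphp_Runtime_Function::call(array('Lisphp_Runtime_Function', 'call'), array());` expecting InvalidArgumentException would cover it. In testGenericCall530 the `eval` is presumably there so the file still parses on PHP older than 5.3. A comment saying so would stop it being replaced by a literal closure.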
