extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-03-03 17:51:54 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add support for inline docs inside a comment block, add @required and @optional detection, fix security problem with passing '..' in files[]

Browse Source
This commit is contained in:
Zone 2003-02-17 19:32:26 +00:00
parent 20edfad1a9
commit 01f81f7f76
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
doc/inlinedocparser.php
View File

@ -53,7 +53,7 @@
*/ */
function parseobject($input) function parseobject($input)
{ {
$types = array('abstract','param','example','syntax','result','description','discussion','author','copyright','package','access'); $types = array('abstract','param','example','syntax','result','description','discussion','author','copyright','package','access','required','optional');
$new = explode("@",$input); $new = explode("@",$input);
while (list($x,$y) = each($new)) while (list($x,$y) = each($new))
{ {
@ -100,7 +100,7 @@
*/ */
function parsesimpleobject($input) function parsesimpleobject($input)
{ {
$types = array('abstract','param','example','syntax','result','description','discussion','author','copyright','package','access'); $types = array('abstract','param','example','syntax','result','description','discussion','author','copyright','package','access','required','optional');
$input = ereg_replace ("@", "@#", $input); $input = ereg_replace ("@", "@#", $input);
$new = explode("@",$input); $new = explode("@",$input);
if (count($new) < 3) if (count($new) < 3)
@ -148,6 +148,18 @@
* limiting and selecting what to print * * limiting and selecting what to print *
\**************************************************************************/ \**************************************************************************/
/* Prevents passing files[]=../../../secret_file or files[]=/etc/passwd */
if (is_array($GLOBALS['files']))
{
while (list($p, $fn) = each ($GLOBALS['files']))
{
if (ereg('\.\.', $fn) || ereg('^/', $fn))
{
unset($GLOBALS['files'][$p]);
}
}
}
if (!isset($GLOBALS['HTTP_GET_VARS']['object_type'])) if (!isset($GLOBALS['HTTP_GET_VARS']['object_type']))
{ {
$GLOBALS['object_type'] = 'function'; $GLOBALS['object_type'] = 'function';
@ -291,6 +303,7 @@
while (list($key,$val) = each($matches)) while (list($key,$val) = each($matches))
{ {
preg_match_all("#@(.*)$#sUi",$val[1],$data); preg_match_all("#@(.*)$#sUi",$val[1],$data);
$data[1][0] = ereg_replace ("\n([[:space:]]+)\*", "\n\\1", $data[1][0]);
$data[1][0] = ereg_replace ("@", "@#", $data[1][0]); $data[1][0] = ereg_replace ("@", "@#", $data[1][0]);
$returndata = parseobject($data[1][0], $fn); $returndata = parseobject($data[1][0], $fn);
if ($startstop[$key] == 'some_lame_string_that_wont_be_used_by_a_function') if ($startstop[$key] == 'some_lame_string_that_wont_be_used_by_a_function')