Пример #1
0
function AspisFindSourceGuard($function)
{
    return AspisFindGuard($function, 2);
}
Пример #2
0
function AspisTainted_call_user_func_array($name, $params)
{
    global $built_in_functions;
    if (empty($built_in_functions)) {
        load_functions();
    }
    global $aspis_taint_details;
    if (empty($aspis_taint_details)) {
        loadTaintDetails();
    }
    $name = deAspisCallback($name);
    $class = "AspisFakeClass";
    if (is_array($name)) {
        $class = get_class($name[0]);
    }
    //untainted case
    if (is_string($name) && (isset($built_in_functions[$name]) || !isset($aspis_taint_details[0][$name])) || $class === "AspisProxy") {
        //TODO: Doesn't handle cases where the built in function uses callback
        //I have to read all function definitions and call AspisInternalCallback
        //TODO: This does not work with reference params (the else case does though)
        $params = $params[0];
        foreach ($params as &$param) {
            //actually, just the name and the arg array
            $param = deAspisRCO($param);
        }
        unset($param);
        if ($class == "AspisProxy") {
            $name[0] = $name[0]->obj;
        }
        array_unshift($params, $name);
        $params[] = array();
        //no ref parameters
        $ret = call_user_func_array("AspisUntaintedFunctionCall", $params);
        if ($ret === FALSE) {
            $ret = array($ret, false);
        }
        return $ret;
    } else {
        /*
         * If the called function expects objects, then an explicit refernce is not required by PHP.
         * But, if, insted, I pass an array that contains the object, then the reference is required.
         * To solve this, I always try to pass references. If I got references as input,
         * then everything is ok. If I got copies, then I pass references to these copies: no harm done.
         */
        $params_ref = array();
        foreach ($params[0] as &$p) {
            $params_ref[] =& $p;
        }
        $guard = AspisFindGuard($name);
        if ($guard != "" && isset($params_ref[0])) {
            $params_ref[0] =& $guard($params_ref[0]);
        }
        $ret = call_user_func_array($name, $params_ref);
        if ($ret === FALSE) {
            $ret = array($ret, false);
        }
        $i = AspisIsSanitiser($name);
        if ($i != -1) {
            $ret = AspisKillTaint($ret, $i);
        }
        return $ret;
    }
}