Merge commit from fork

Security advisory GHSA-356v-7xg2-3678
pull/5852/head
Angel Fernando Quiroz Campos 11 months ago committed by GitHub
parent 802270204d
commit b939fc859f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 74
      main/inc/lib/nusoap/class.soap_server.php

@ -586,34 +586,52 @@ class nusoap_server extends nusoap_base
$this->appendDebug($this->varDump($this->methodparams)); $this->appendDebug($this->varDump($this->methodparams));
$this->debug("in invoke_method, calling '$this->methodname'"); $this->debug("in invoke_method, calling '$this->methodname'");
if (!function_exists('call_user_func_array')) { if (!function_exists('call_user_func_array')) {
if ($class == '') { try {
$this->debug('in invoke_method, calling function using eval()'); if ($class == '') {
$funcCall = "\$this->methodreturn = $this->methodname("; $this->debug('in invoke_method, calling function using eval()');
} else { $reflectionFunction = new ReflectionFunction($this->methodname);
if ($delim == '..') { $params = $reflectionFunction->getParameters();
$this->debug('in invoke_method, calling class method using eval()');
$funcCall = "\$this->methodreturn = ".$class."::".$method."("; if (count($params) !== count($this->methodparams)) {
} else { throw new Exception('Paremeter count mismatch');
$this->debug('in invoke_method, calling instance method using eval()'); }
// generate unique instance name
$instname = "\$inst_".time(); $this->methodreturn = $reflectionFunction->invokeArgs(array_values($this->methodparams));
$funcCall = $instname." = new ".$class."(); "; } else {
$funcCall .= "\$this->methodreturn = ".$instname."->".$method."("; $reflectionMethod = new ReflectionMethod($class, $method);
} $params = $reflectionMethod->getParameters();
}
if ($this->methodparams) { if (count($params) !== count($this->methodparams)) {
foreach ($this->methodparams as $param) { throw new Exception('Paremeter count mismatch');
if (is_array($param) || is_object($param)) { }
$this->fault('SOAP-ENV:Client', 'NuSOAP does not handle complexType parameters correctly when using eval; call_user_func_array must be available');
return; $instance = null;
}
$funcCall .= "\"$param\","; if ($delim == '..') {
} if (!$reflectionMethod->isStatic()) {
$funcCall = substr($funcCall, 0, -1); throw new Exception("Method '$method' is not static");
} }
$funcCall .= ');'; } else {
$this->debug('in invoke_method, function call: '.$funcCall); if ($reflectionMethod->isStatic()) {
@eval($funcCall); throw new Exception("Method '$method' is static");
}
$instance = new $class();
}
$this->methodreturn = $reflectionMethod->invokeArgs($instance, array_values($this->methodparams));
}
$this->debug('in invoke_method, methodreturn: ' . $this->varDump($this->methodreturn));
} catch (ReflectionException $e) {
$this->fault('SOAP-ENV:Client', 'Error invoking method: '.$e->getMessage());
return;
} catch (Exception $e) {
$this->fault('SOAP-ENV:Client', $e->getMessage());
return;
}
} else { } else {
if ($class == '') { if ($class == '') {
$this->debug('in invoke_method, calling function using call_user_func_array()'); $this->debug('in invoke_method, calling function using call_user_func_array()');
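Review bot: The `catch (Exception $e)` wraps both `invokeArgs()` calls, so an exception thrown by the invoked service function itself is returned verbatim to the SOAP client as a `SOAP-ENV:Client` fault, which can expose internal error text. Consider throwing a distinct type such as `InvalidArgumentException` for the three validation checks, and for any other exception use `$this->debug('in invoke_method, exception: '.$e->getMessage()); $this->fault('SOAP-ENV:Server', 'Error invoking method');`. Separately, `count($this->methodparams)` and `array_values($this->methodparams)` raise a `TypeError` on PHP 8 when the value is not an array, and `TypeError` is not an `Exception`, so it escapes both catch blocks. The removed code guarded with `if ($this->methodparams)`, which suggests the value can be empty, so an `is_array()` check before the count comparison looks warranted. The debug text still says "using eval()" and 'Paremeter' is misspelled; `invoke_method` begins and ends outside the hunk.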
