Mercurial > hg > isophonics-drupal-site

diff vendor/psy/psysh/src/CodeCleaner/AssignThisVariablePass.php @ 13:5fb285c0d0e3
Update Drupal core to 8.4.7 via Composer. Security update; I *think* we've been lucky to get away with this so far, as we don't support self-registration which seems to be used by the so-called "drupalgeddon 2" attack that 8.4.5 was vulnerable to.
author: Chris Cannam
date: Mon, 23 Apr 2018 09:33:26 +0100
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/vendor/psy/psysh/src/CodeCleaner/AssignThisVariablePass.php	Mon Apr 23 09:33:26 2018 +0100
@@ -0,0 +1,39 @@
+<?php
+
+/*
+ * This file is part of Psy Shell.
+ *
+ * (c) 2012-2018 Justin Hileman
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Psy\CodeCleaner;
+
+use PhpParser\Node;
+use PhpParser\Node\Expr\Assign;
+use PhpParser\Node\Expr\Variable;
+use Psy\Exception\FatalErrorException;
+
+/**
+ * Validate that the user input does not assign the `$this` variable.
+ *
+ * @author Martin Hasoň <martin.hason@gmail.com>
+ */
+class AssignThisVariablePass extends CodeCleanerPass
+{
+    /**
+     * Validate that the user input does not assign the `$this` variable.
+     *
+     * @throws RuntimeException if the user assign the `$this` variable
+     *
+     * @param Node $node
+     */
+    public function enterNode(Node $node)
+    {
+        if ($node instanceof Assign && $node->var instanceof Variable && $node->var->name === 'this') {
+            throw new FatalErrorException('Cannot re-assign $this', 0, E_ERROR, null, $node->getLine());
+        }
+    }
+}
author	Chris Cannam
date	Mon, 23 Apr 2018 09:33:26 +0100
parents
children