Skip to content

Commit

Permalink
Merge pull request from GHSA-5j2g-3ph4-rgvm
Browse files Browse the repository at this point in the history
  • Loading branch information
mark-netalico authored Jan 26, 2023
1 parent 58e72cf commit 06c4594
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 2 deletions.
1 change: 1 addition & 0 deletions app/code/core/Mage/Core/Block/Abstract.php
Original file line number Diff line number Diff line change
Expand Up @@ -852,6 +852,7 @@ public function getChildGroup($groupName, $callback = null, $skipEmptyResults =
$alias = $block->getBlockAlias();
if (in_array($alias, $this->_childGroups[$groupName])) {
if ($callback) {
Mage::helper('core/security')->validateAgainstBlockMethodBlacklist($this, $callback, [$alias]);
$row = $this->$callback($alias);
if (!$skipEmptyResults || $row) {
$result[$alias] = $row;
Expand Down
2 changes: 0 additions & 2 deletions app/code/core/Mage/Core/Helper/Security.php
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,6 @@ class Mage_Core_Helper_Security
{
private $invalidBlockActions
= [
// explicitly not using class constant here Mage_Page_Block_Html_Topmenu_Renderer::class
// if the class does not exists it breaks.
['block' => Mage_Page_Block_Html_Topmenu_Renderer::class, 'method' => 'render'],
['block' => Mage_Core_Block_Template::class, 'method' => 'fetchView'],
];
Expand Down

0 comments on commit 06c4594

Please sign in to comment.