Skip to content

Commit

Permalink
Merge pull request from GHSA-26rr-v2j2-25fh
Browse files Browse the repository at this point in the history 
Co-authored-by: Mark Lewis <markwlewis@Marks-MacBook-Pro.local>
  • Loading branch information
@mark-netalico
mark-netalico and Mark Lewis authored Aug 26, 2021
1 parent 02a14e8 commit b99307d
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion app/code/core/Mage/Core/Helper/Security.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,10 @@ class Mage_Core_Helper_Security
public function validateAgainstBlockMethodBlacklist(Mage_Core_Block_Abstract $block, $method, array $args)
{
foreach ($this->invalidBlockActions as $action) {
if ($block instanceof $action['block'] && strtolower($action['method']) === strtolower($method)) {
$calledMethod = strtolower($method);
if (($block instanceof $action['block'] && strtolower($action['method']) === $calledMethod)
|| ($block instanceof $action['block']
&& strtolower($action['block'] . '::' . $action['method']) === $calledMethod)) {
Mage::throwException(
sprintf('Action with combination block %s and method %s is forbidden.', get_class($block), $method)
);
Expand Down

0 comments on commit b99307d

Please sign in to comment.