static function module_auth($module_auth, $forum_id)
{
global $auth, $config;
global $request, $phpbb_extension_manager, $phpbb_dispatcher;
$module_auth = trim($module_auth);
// Generally allowed to access module if module_auth is empty
if (!$module_auth) {
return true;
}
// With the code below we make sure only those elements get eval'd we really want to be checked
preg_match_all('/(?:
"[^"\\\\]*(?:\\\\.[^"\\\\]*)*" |
\'[^\'\\\\]*(?:\\\\.[^\'\\\\]*)*\' |
[(),] |
[^\\s(),]+)/x', $module_auth, $match);
// Valid tokens for auth and their replacements
$valid_tokens = array('acl_([a-z0-9_]+)(,\\$id)?' => '(int) $auth->acl_get(\'\\1\'\\2)', '\\$id' => '(int) $forum_id', 'aclf_([a-z0-9_]+)' => '(int) $auth->acl_getf_global(\'\\1\')', 'cfg_([a-z0-9_]+)' => '(int) $config[\'\\1\']', 'request_([a-zA-Z0-9_]+)' => '$request->variable(\'\\1\', false)', 'ext_([a-zA-Z0-9_/]+)' => 'array_key_exists(\'\\1\', $phpbb_extension_manager->all_enabled())', 'authmethod_([a-z0-9_\\\\]+)' => '($config[\'auth_method\'] === \'\\1\')');
/**
* Alter tokens for module authorisation check
*
* @event core.module_auth
* @var array valid_tokens Valid tokens and their auth check
* replacements
* @var string module_auth The module_auth of the current
* module
* @var int forum_id The current forum_id
* @since 3.1.0-a3
*/
$vars = array('valid_tokens', 'module_auth', 'forum_id');
extract($phpbb_dispatcher->trigger_event('core.module_auth', compact($vars)));
$tokens = $match[0];
for ($i = 0, $size = sizeof($tokens); $i < $size; $i++) {
$token =& $tokens[$i];
switch ($token) {
case ')':
case '(':
case '&&':
case '||':
case ',':
break;
default:
if (!preg_match('#(?:' . implode(array_keys($valid_tokens), ')|(?:') . ')#', $token)) {
$token = '';
}
break;
}
}
$module_auth = implode(' ', $tokens);
// Make sure $id separation is working fine
$module_auth = str_replace(' , ', ',', $module_auth);
$module_auth = preg_replace(array_map(function ($value) {
return '#' . $value . '#';
}, array_keys($valid_tokens)), array_values($valid_tokens), $module_auth);
$is_auth = false;
// @codingStandardsIgnoreStart
eval('$is_auth = (int) (' . $module_auth . ');');
// @codingStandardsIgnoreEnd
return $is_auth;
}