Coding standards
Security in ResourceSpace
Developer reference
Database
Action functions
Admin functions
Ajax functions
Annotation functions
API functions
Collections functions
Comment functions
Config functions
CSV export functions
Dash functions
Debug functions
Encryption functions
Facial recognition functions
File functions
General functions
Language functions
Log functions
Login functions
Message functions
Migration functions
Node functions
PDF functions
Plugin functions
Render functions
Reporting functions
Request functions
Research functions
Slideshow functions
Theme permission functions
User functions
Video functions
Database functions
Metadata functions
Resource functions
Search functions
Map functions
Job functions
Tab functions
Test functions

eval_check_signed()

Description

Prior to eval() checks to make sure the code has been signed first, by the offline script / migration script.

Parameters

ColumnTypeDefaultDescription
$code string The code to check

Return

string The code, if correctly signed, or an empty string if not.

Location

include/encryption_functions.php lines 97 to 112

Definition

 
function eval_check_signed($code)
    {
    
// No need to sign empty string.
    
if (trim($code)=="") {return "";}
    
    
// Extract the signature from the code.
    
$code_split=explode("\n",$code);if (count($code_split)<2) {set_sysvar("code_sign_required","YES");return "";} // Not enough lines to include a key, exit
    
$signature=str_replace("//SIG","",trim($code_split[0])); // Extract signature
    
$code=trim(substr($code,strpos($code,"\n")+1));

    
// Code not signed correctly? Exit early.
    
if ($signature!=sign_code($code)) {set_sysvar("code_sign_required","YES");return "";}

    
// All is as expected, return the code ready for execution.
    
return $code;
    }

This article was last updated 4th December 2024 09:05 Europe/London time based on the source file dated 1st October 2024 08:15 Europe/London time.