From 2cfcc84510ea6e21f475cb14022b0cb692ae6e66 Mon Sep 17 00:00:00 2001
From: IsaiDiaz
Date: Fri, 27 Jun 2025 11:11:25 -0400
Subject: [PATCH] refactoring streamJSTranslationFile to remove eval use
---
 gulliver/system/class.bootstrap.php | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php
index 65a737522..c07ffdac8 100644
--- a/gulliver/system/class.bootstrap.php
+++ b/gulliver/system/class.bootstrap.php
@@ -827,6 +827,11 @@ class Bootstrap
 $typeName = trim($typeName);
 $fileConst = ($typeName == 'translation') ? 'translation.' . $locale : 'translation.' . $typeName . '.' . $locale;
 
+ if (!preg_match('/^[a-zA-Z0-9_]+$/', $typeName)) {
+ error_log("Attempted to stream invalid translation type: " . $typeName);
+ return '';
+ }
+
 if ($typeName == 'translation') {
 $defaultTranslations = array();
 $foreignTranslations = array();
@@ -863,11 +868,16 @@ class Bootstrap
 $newName = implode('.', $typearray);
 if (file_exists(PATH_LANGUAGECONT . $newName)) {
 require_once(PATH_LANGUAGECONT . $newName);
- $return = '';
- eval('$return = "var TRANSLATIONS_" . strtoupper($typeName) . " = " . Bootstrap::json_encode($translation' . $typeName . ') . ";";');
- return $return;
+ $dynamicTranslationVarName = 'translation' . $typeName;
+ if (isset($$dynamicTranslationVarName) && is_array($$dynamicTranslationVarName)) {
+ $translationToEncode = $$dynamicTranslationVarName;
+ return 'var TRANSLATIONS_' . strtoupper($typeName) . ' = ' . Bootstrap::json_encode($translationToEncode) . ';';
+ } else {
+ error_log("Missing or invalid translation array for type: " . $typeName);
+ return '';
+ }
 }
- return;
+ return '';
 }
 }
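Review bot: In the first hunk (`@@ -827,6 +827,11 @@`) the rejection branch writes the value that just failed the character check straight into the log, `error_log("Attempted to stream invalid translation type: " . $typeName)`. `trim()` only strips the ends of the string, so embedded CR/LF or other control characters can still reach the log and split or forge entries; log an escaped, length-capped form instead, e.g. `error_log('Attempted to stream invalid translation type: ' . addcslashes(substr($typeName, 0, 64), "\0..\37\177..\377"));`. Separately, `$` in the pattern also matches before a final newline, which is harmless here only because of the preceding `trim()`; `'/^[a-zA-Z0-9_]+\z/'` would make the check self-contained. The enclosing function starts and ends outside this hunk.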
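Review bot: In the second hunk (`@@ -863,11 +868,16 @@`) the path handed to `require_once` is built from `$newName`, not from the `$typeName` that the first hunk validates, so the remaining dot-separated segments of `$typearray` reach the include unchecked. How `$typearray` is populated is outside this hunk, so this should be confirmed against the start of the function. If it derives from the requested file name, removing `eval` leaves a second code-loading path driven by the same input; consider applying the character check to every segment, or matching `$newName` against the set of translation files the application ships before the `require_once`. It would also help to add a comment above `$dynamicTranslationVarName` such as `// $typeName was restricted to [a-zA-Z0-9_] above; the variable-variable lookup and the TRANSLATIONS_ identifier rely on that`, since the safety of both depends on a check made some forty lines earlier.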