Merge pull request from GHSA-5j2g-3ph4-rgvm

mark-netalico · fballiano · commit 8dd5439b628b · 2023-01-26T09:59:57.000Z
diff --git a/app/code/core/Mage/Core/Block/Abstract.php b/app/code/core/Mage/Core/Block/Abstract.php
@@ -852,6 +852,7 @@ public function getChildGroup($groupName, $callback = null, $skipEmptyResults =
             $alias = $block->getBlockAlias();
             if (in_array($alias, $this->_childGroups[$groupName])) {
                 if ($callback) {
+                    Mage::helper('core/security')->validateAgainstBlockMethodBlacklist($this, $callback, [$alias]);
                     $row = $this->$callback($alias);
                     if (!$skipEmptyResults || $row) {
                         $result[$alias] = $row;
diff --git a/app/code/core/Mage/Core/Helper/Security.php b/app/code/core/Mage/Core/Helper/Security.php
@@ -28,8 +28,6 @@ class Mage_Core_Helper_Security
 {
     private $invalidBlockActions
         = [
-            // explicitly not using class constant here Mage_Page_Block_Html_Topmenu_Renderer::class
-            // if the class does not exists it breaks.
             ['block' => Mage_Page_Block_Html_Topmenu_Renderer::class, 'method' => 'render'],
             ['block' => Mage_Core_Block_Template::class, 'method' => 'fetchView'],
         ];

Original file line number	Diff line number	Diff line change
`@@ -28,8 +28,6 @@ class Mage_Core_Helper_Security`
`28`	`28`	`{`
`29`	`29`	`private $invalidBlockActions`
`30`	`30`	`= [`
`31`		`- // explicitly not using class constant here Mage_Page_Block_Html_Topmenu_Renderer::class`
`32`		`- // if the class does not exists it breaks.`
`33`	`31`	`['block' => Mage_Page_Block_Html_Topmenu_Renderer::class, 'method' => 'render'],`
`34`	`32`	`['block' => Mage_Core_Block_Template::class, 'method' => 'fetchView'],`
`35`	`33`	`];`