check php whitelist only if it is not empty

SC-Networks · Jun 27, 2018 · 6c42c98 · 6c42c98
1 parent 309f715
commit 6c42c98
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/src/Php/TalesInternal.php b/src/Php/TalesInternal.php
@@ -700,13 +700,18 @@ private static function tokenize($src)
     private static function checkTokens($src)
     {
 
+        $checkWhitelist = static::$functionWhitelist !== [];
+
         foreach (static::tokenize($src) as $token) {
             if (in_array($token[0], static::$tokenBlacklist)) {
                 $message = 'User tried to execute disallowed php token ' . token_name($token[0]);
                 throw new ParserException($message);
             }
 
-            if ($token[0] === T_STRING && !in_array(strtolower($token[1]), static::$functionWhitelist)) {
+            if ($checkWhitelist &&
+                $token[0] === T_STRING &&
+                !in_array(strtolower($token[1]), static::$functionWhitelist)
+            ) {
                 $message = "User tried to execute not whitelisted statement '" . $token[1] . "'";
                 throw new ParserException($message);
             }