dg/patch-CVE-2020-15227.php

## patch-CVE-2020-15227.php
<?php

# In-place apply the CVE-2020-15227 nette/application patch
# This is a universal patcher for all affected versions.

# Run with `php patch-CVE-2020-15227.php`

# Inspiration: @spazef0rze


$dir = __DIR__;
$iterator = new RecursiveDirectoryIterator($dir);
$iterator = new RecursiveIteratorIterator($iterator);

// find all MicroPresenter.php files
foreach ($iterator as $file) {

	if ($file->getFileName() !== 'MicroPresenter.php') {
		continue;
	}

	$orig = file_get_contents((string) $file);

	// apply patch to code
	$patched = str_replace(
		'if (!isset($params[\'callback\'])) {',
		'if (!isset($params[\'callback\']) || !$params[\'callback\'] instanceof \Closure) { // patched to fix CVE-2020-15227',
		$orig
	);

	if ($orig === $patched) {
		continue;
	}

	// create a backup file with a suffix
	file_put_contents("$file-nette-autoupdate-backup", $orig);

	// replace original file
	file_put_contents((string) $file, $patched);

	echo "patched: $file\n";
}
	<?php

	# In-place apply the CVE-2020-15227 nette/application patch
	# This is a universal patcher for all affected versions.

	# Run with `php patch-CVE-2020-15227.php`

	# Inspiration: @spazef0rze


	$dir = __DIR__;
	$iterator = new RecursiveDirectoryIterator($dir);
	$iterator = new RecursiveIteratorIterator($iterator);

	// find all MicroPresenter.php files
	foreach ($iterator as $file) {

	if ($file->getFileName() !== 'MicroPresenter.php') {
	continue;
	}

	$orig = file_get_contents((string) $file);

	// apply patch to code
	$patched = str_replace(
	'if (!isset($params[\'callback\'])) {',
	'if (!isset($params[\'callback\']) \|\| !$params[\'callback\'] instanceof \Closure) { // patched to fix CVE-2020-15227',
	$orig
	);

	if ($orig === $patched) {
	continue;
	}

	// create a backup file with a suffix
	file_put_contents("$file-nette-autoupdate-backup", $orig);

	// replace original file
	file_put_contents((string) $file, $patched);

	echo "patched: $file\n";
	}