[drupal6-flag: 3/3] Add CVE-2014-3453 patch

[Shawn Iwinski]

commit 2b15e13b4bebe8a2a7a0e7df46cf8995a1bc761b
Author: Shawn Iwinski <shawn.iwinski at gmail.com>
Date:   Wed Dec 31 16:54:48 2014 -0500

    Add CVE-2014-3453 patch

 drupal6-flag-CVE-2014-3453.patch |   21 +++++++++++++++++++++
 1 files changed, 21 insertions(+), 0 deletions(-)
---
diff --git a/drupal6-flag-CVE-2014-3453.patch b/drupal6-flag-CVE-2014-3453.patch
new file mode 100644
index 0000000..565c3f6
--- /dev/null
+++ b/drupal6-flag-CVE-2014-3453.patch
@@ -0,0 +1,21 @@
+--- flag/includes/flag.export.inc	2014-05-03 06:39:27.000000000 -0400
++++ flag/includes/flag.export.inc	2014-05-07 12:28:19.780973535 -0400
+@@ -99,8 +99,17 @@ function flag_import_form() {
+  */
+ function flag_import_form_validate($form, &$form_state) {
+   $flags = array();
++  
++  $code = $form_state['values']['import'];
++  $regex = '#\b(?:(?!array)(?!flags\[))(\$)*([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*\s*(\[.*|\(.*))#'; # Regular expression to catch function calls except array(), and prevent all arrays that aren't of the form "flags[]" from being created and used
++  
++  if (preg_match($regex,$code,$match)){
++  	form_set_error('import',t('The flag import failed because the following function call was detected in the code: %func', array('%func' => $match[0])));
++  	return;
++  }
++ 
+   ob_start();
+-  eval($form_state['values']['import']);
++  eval($code);
+   ob_end_clean();
+ 
+   if (!isset($flags) || !is_array($flags)) {