bitPickups/friendica_2019-12_sharedHosting_hotFix
1
1
Fork 0
Code Pull requests Activity

Merge pull request #1161 from annando/master

Browse source 
Security issue: Encoding of GUID in itemcache to avoid directory bypassing with a malificious formatted GUID.
This commit is contained in:
fabrixxm 2014-09-27 18:20:39 +02:00
parent c965792c07 459fc2fabd
commit c1e986e5c4
5 changed files with 7 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
include/items.php
View file

@ -1412,7 +1412,7 @@ function item_store($arr,$force_parent = false, $notify = false) {
if (!$deleted) { if (!$deleted) {
// Store the fresh generated item into the cache // Store the fresh generated item into the cache
$cachefile = get_cachefile($arr["guid"]."-".hash("md5", $arr['body'])); $cachefile = get_cachefile(urlencode($arr["guid"])."-".hash("md5", $arr['body']));
if (($cachefile != '') AND !file_exists($cachefile)) { if (($cachefile != '') AND !file_exists($cachefile)) {
$s = prepare_text($arr['body']); $s = prepare_text($arr['body']);

2
include/tags.php
View file

@ -26,7 +26,7 @@ function create_tags_from_item($itemid) {
if ($message["deleted"]) if ($message["deleted"])
return; return;
$cachefile = get_cachefile($message["guid"]."-".hash("md5", $message['body'])); $cachefile = get_cachefile(urlencode($message["guid"])."-".hash("md5", $message['body']));
if (($cachefile != '') AND !file_exists($cachefile)) { if (($cachefile != '') AND !file_exists($cachefile)) {
$s = prepare_text($message['body']); $s = prepare_text($message['body']);

3
include/text.php
View file

@ -1330,8 +1330,7 @@ function prepare_body(&$item,$attach = false, $preview = false) {
$item['mentions'] = $mentions; $item['mentions'] = $mentions;
//$cachefile = get_cachefile($item["guid"]."-".strtotime($item["edited"])."-".hash("crc32", $item['body'])); $cachefile = get_cachefile(urlencode($item["guid"])."-".hash("md5", $item['body']));
$cachefile = get_cachefile($item["guid"]."-".hash("md5", $item['body']));
if (($cachefile != '')) { if (($cachefile != '')) {
if (file_exists($cachefile)) { if (file_exists($cachefile)) {

2
mod/item.php
View file

@ -807,7 +807,7 @@ function item_post(&$a) {
file_tag_update_pconfig($uid,$categories_old,$categories_new,'category'); file_tag_update_pconfig($uid,$categories_old,$categories_new,'category');
// Store the fresh generated item into the cache // Store the fresh generated item into the cache
$cachefile = get_cachefile($datarray["guid"]."-".hash("md5", $datarray['body'])); $cachefile = get_cachefile(urlencode($datarray["guid"])."-".hash("md5", $datarray['body']));
if (($cachefile != '') AND !file_exists($cachefile)) { if (($cachefile != '') AND !file_exists($cachefile)) {
$s = prepare_text($datarray['body']); $s = prepare_text($datarray['body']);

3
mod/parse_url.php
View file

@ -186,6 +186,9 @@ function parseurl_getsiteinfo($url, $no_guessing = false, $do_oembed = true, $co
case "twitter:image": case "twitter:image":
$siteinfo["image"] = $attr["content"]; $siteinfo["image"] = $attr["content"];
break; break;
case "twitter:image:src":
$siteinfo["image"] = $attr["content"];
break;
case "twitter:card": case "twitter:card":
if (($siteinfo["type"] == "") OR ($attr["content"] == "photo")) if (($siteinfo["type"] == "") OR ($attr["content"] == "photo"))
$siteinfo["type"] = $attr["content"]; $siteinfo["type"] = $attr["content"];