Security issue: Encoding of GUID in itemcache to avoid directory bypassing with a malificious formatted GUID.

2014-09-27 12:49:00 +02:00 · 2014-09-27 12:49:00 +02:00 · 459fc2fabd
commit 459fc2fabd
parent 4ec5974074
5 changed files with 7 additions and 5 deletions
--- a/mod/item.php
+++ b/mod/item.php
@ -807,7 +807,7 @@ function item_post(&$a) {
 		file_tag_update_pconfig($uid,$categories_old,$categories_new,'category');

 		// Store the fresh generated item into the cache
-		$cachefile = get_cachefile($datarray["guid"]."-".hash("md5", $datarray['body']));
+		$cachefile = get_cachefile(urlencode($datarray["guid"])."-".hash("md5", $datarray['body']));

 		if (($cachefile != '') AND !file_exists($cachefile)) {
 			$s = prepare_text($datarray['body']);