friendica
/
friendica
mirror of https://github.com/friendica/friendica.git
5
7
Fork 5
Code Issues Releases 16 Wiki Activity
Browse Source

Security issue: Encoding of GUID in itemcache to avoid directory bypassing with a malificious formatted GUID.

pull/1161/head
Michael Vogel 8 years ago
parent
4ec5974074
commit
459fc2fabd
5 changed files with 7 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      include/items.php
  2. 2
      include/tags.php
  3. 3
      include/text.php
  4. 2
      mod/item.php
  5. 3
      mod/parse_url.php

2
include/items.php
Unescape View File

@ -1412,7 +1412,7 @@ function item_store($arr,$force_parent = false, $notify = false) {
if (!$deleted) {
// Store the fresh generated item into the cache
$cachefile = get_cachefile($arr["guid"]."-".hash("md5", $arr['body']));
$cachefile = get_cachefile(urlencode($arr["guid"])."-".hash("md5", $arr['body']));
if (($cachefile != '') AND !file_exists($cachefile)) {
$s = prepare_text($arr['body']);

2
include/tags.php
Unescape View File

@ -26,7 +26,7 @@ function create_tags_from_item($itemid) {
if ($message["deleted"])
return;
$cachefile = get_cachefile($message["guid"]."-".hash("md5", $message['body']));
$cachefile = get_cachefile(urlencode($message["guid"])."-".hash("md5", $message['body']));
if (($cachefile != '') AND !file_exists($cachefile)) {
$s = prepare_text($message['body']);

3
include/text.php
Unescape View File

@ -1330,8 +1330,7 @@ function prepare_body(&$item,$attach = false, $preview = false) {
$item['mentions'] = $mentions;
//$cachefile = get_cachefile($item["guid"]."-".strtotime($item["edited"])."-".hash("crc32", $item['body']));
$cachefile = get_cachefile($item["guid"]."-".hash("md5", $item['body']));
$cachefile = get_cachefile(urlencode($item["guid"])."-".hash("md5", $item['body']));
if (($cachefile != '')) {
if (file_exists($cachefile)) {

2
mod/item.php
Unescape View File

@ -807,7 +807,7 @@ function item_post(&$a) {
file_tag_update_pconfig($uid,$categories_old,$categories_new,'category');
// Store the fresh generated item into the cache
$cachefile = get_cachefile($datarray["guid"]."-".hash("md5", $datarray['body']));
$cachefile = get_cachefile(urlencode($datarray["guid"])."-".hash("md5", $datarray['body']));
if (($cachefile != '') AND !file_exists($cachefile)) {
$s = prepare_text($datarray['body']);

3
mod/parse_url.php
Unescape View File

@ -186,6 +186,9 @@ function parseurl_getsiteinfo($url, $no_guessing = false, $do_oembed = true, $co
case "twitter:image":
$siteinfo["image"] = $attr["content"];
break;
case "twitter:image:src":
$siteinfo["image"] = $attr["content"];
break;
case "twitter:card":
if (($siteinfo["type"] == "") OR ($attr["content"] == "photo"))
$siteinfo["type"] = $attr["content"];

Write Preview
Loading…
Cancel
Save