Merge pull request #1161 from annando/master
Security issue: Encoding of GUID in itemcache to avoid directory bypassing with a malificious formatted GUID.
This commit is contained in:
commit
c1e986e5c4
5 changed files with 7 additions and 5 deletions
|
@ -1412,7 +1412,7 @@ function item_store($arr,$force_parent = false, $notify = false) {
|
|||
if (!$deleted) {
|
||||
|
||||
// Store the fresh generated item into the cache
|
||||
$cachefile = get_cachefile($arr["guid"]."-".hash("md5", $arr['body']));
|
||||
$cachefile = get_cachefile(urlencode($arr["guid"])."-".hash("md5", $arr['body']));
|
||||
|
||||
if (($cachefile != '') AND !file_exists($cachefile)) {
|
||||
$s = prepare_text($arr['body']);
|
||||
|
|
|
@ -26,7 +26,7 @@ function create_tags_from_item($itemid) {
|
|||
if ($message["deleted"])
|
||||
return;
|
||||
|
||||
$cachefile = get_cachefile($message["guid"]."-".hash("md5", $message['body']));
|
||||
$cachefile = get_cachefile(urlencode($message["guid"])."-".hash("md5", $message['body']));
|
||||
|
||||
if (($cachefile != '') AND !file_exists($cachefile)) {
|
||||
$s = prepare_text($message['body']);
|
||||
|
|
|
@ -1330,8 +1330,7 @@ function prepare_body(&$item,$attach = false, $preview = false) {
|
|||
$item['mentions'] = $mentions;
|
||||
|
||||
|
||||
//$cachefile = get_cachefile($item["guid"]."-".strtotime($item["edited"])."-".hash("crc32", $item['body']));
|
||||
$cachefile = get_cachefile($item["guid"]."-".hash("md5", $item['body']));
|
||||
$cachefile = get_cachefile(urlencode($item["guid"])."-".hash("md5", $item['body']));
|
||||
|
||||
if (($cachefile != '')) {
|
||||
if (file_exists($cachefile)) {
|
||||
|
|
|
@ -807,7 +807,7 @@ function item_post(&$a) {
|
|||
file_tag_update_pconfig($uid,$categories_old,$categories_new,'category');
|
||||
|
||||
// Store the fresh generated item into the cache
|
||||
$cachefile = get_cachefile($datarray["guid"]."-".hash("md5", $datarray['body']));
|
||||
$cachefile = get_cachefile(urlencode($datarray["guid"])."-".hash("md5", $datarray['body']));
|
||||
|
||||
if (($cachefile != '') AND !file_exists($cachefile)) {
|
||||
$s = prepare_text($datarray['body']);
|
||||
|
|
|
@ -186,6 +186,9 @@ function parseurl_getsiteinfo($url, $no_guessing = false, $do_oembed = true, $co
|
|||
case "twitter:image":
|
||||
$siteinfo["image"] = $attr["content"];
|
||||
break;
|
||||
case "twitter:image:src":
|
||||
$siteinfo["image"] = $attr["content"];
|
||||
break;
|
||||
case "twitter:card":
|
||||
if (($siteinfo["type"] == "") OR ($attr["content"] == "photo"))
|
||||
$siteinfo["type"] = $attr["content"];
|
||||
|
|
Loading…
Reference in a new issue