Security issue: Encoding of GUID in itemcache to avoid directory bypassing with a maliciously formatted GUID.

Michael Vogel
2014-09-27 12:49:00 +02:00
parent 4ec5974074
commit 459fc2fabd
5 changed files with 7 additions and 5 deletions
+1 -2
@@ -1330,8 +1330,7 @@ function prepare_body(&$item,$attach = false, $preview = false) {
$item['mentions'] = $mentions;
//$cachefile = get_cachefile($item["guid"]."-".strtotime($item["edited"])."-".hash("crc32", $item['body']));
$cachefile = get_cachefile($item["guid"]."-".hash("md5", $item['body']));
$cachefile = get_cachefile(urlencode($item["guid"])."-".hash("md5", $item['body']));
if (($cachefile != '')) {
if (file_exists($cachefile)) {