
FREEPBX-8070 Turn all serialized into json

tm1000 committed Sep 30, 2014
1 parent fda29c5 commit f294b4580ce725ca3c5e692d86e63d40cef4d836
Showing with 13 additions and 7 deletions.
  1. +11 −6 htdocs_ari/includes/login.php
  2. +2 −1 module.xml
@@ -53,11 +53,16 @@ function Auth() {
$data = '';
$chksum = '';
if (isset($_COOKIE['ari_auth'])) {
$buf = unserialize(stripslashes($_COOKIE['ari_auth']));
list($data,$chksum) = $buf;
$buf = json_decode($_COOKIE['ari_auth'],true);
if(!is_array($buf)) {
$data = false;
$chksum = false;
} else {
list($data,$chksum) = $buf;
}
}
if (md5($data) == $chksum) {
$data = unserialize($crypt->decrypt($data,$ARI_CRYPT_PASSWORD));
$data = json_decode($crypt->decrypt($data,$ARI_CRYPT_PASSWORD),true);
$username = $data['username'];
$password = $data['password'];
}
@@ -290,11 +295,11 @@ function Auth() {
if ($auth && $remember) {
$data = array('username' => $username, 'password' => $password);
$data = $crypt->encrypt(serialize($data),$ARI_CRYPT_PASSWORD);
$data = $crypt->encrypt(json_encode($data),$ARI_CRYPT_PASSWORD);
$chksum = md5($data);
$buf = serialize(array($data,$chksum));
$buf = json_encode(array($data,$chksum));
setcookie('ari_auth',$buf,time()+365*24*60*60,'/');
}
@@ -484,4 +489,4 @@ function GetForm() {
}
?>
?>
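Review bot: The integrity check at `if (md5($data) == $chksum)` in the first hunk now compares values taken straight from `json_decode()`, so `$data` and `$chksum` may be booleans, numbers or arrays rather than strings, and the loose `==` can accept some of those through type juggling. Require strings and compare strictly, e.g. `if (is_string($data) && is_string($chksum) && md5($data) === $chksum) {`, or use `hash_equals()` where the PHP version provides it. An unkeyed MD5 is also only a checksum that any client can recompute for its own payload; a keyed `hash_hmac()` over the ciphertext with a server-side secret would authenticate the cookie, and the matching change would be needed at `$chksum = md5($data);` in the second hunk. The result of the second `json_decode()` should also be checked with `is_array()` before `$data['username']` and `$data['password']` are read. `Auth()` starts and ends outside these hunks.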
@@ -3,11 +3,12 @@
<modtype>framework</modtype>
<repo>standard</repo>
<name>FreePBX ARI Framework</name>
<version>2.11.1.4</version>
<version>2.11.1.5</version>
<publisher>Schmooze Com Inc</publisher>
<license>GPLv3+</license>
<licenselink>http://www.gnu.org/licenses/gpl-3.0.txt</licenselink>
<changelog>
*2.11.1.5* FREEPBX-8070 SECURITY ISSUE Exec shell on a host using bug in Asterisk Recording Interface index.php
*2.11.1.4* Force removal of User Panel Tab
*2.11.1.3* Delete user panel tab because it comes from this module now
*2.11.1.2* Resolve issue of user panel tab removement
