Security fix: Fix to a possible PHP Object injection
- unserialize() on user input replaced with json_decode()
iglocska committed Jul 1, 2015
1 parent 9b67e5e commit 415d851
Showing 2 changed files with 4 additions and 6 deletions.
8 changes: 3 additions & 5 deletions app/Controller/TemplatesController.php
Expand Up @@ -22,12 +22,9 @@ class TemplatesController extends AppController {

public function beforeFilter() { // TODO REMOVE
parent::beforeFilter();
$this->Security->unlockedActions = array('saveElementSorting', 'populateEventFromTemplate', 'uploadFile', 'deleteTemporaryFile');
$this->Security->unlockedActions = array('uploadFile', 'deleteTemporaryFile');
}

public function fetchFormFromTemplate($id) {

}

public function index() {
$conditions = array();
Expand Down Expand Up @@ -136,6 +133,7 @@ public function view($id) {
}

public function add() {
if (!$this->userRole['perm_template']) throw new MethodNotAllowedException('You are not authorised to do that.');
if ($this->request->is('post')) {
unset($this->request->data['Template']['tagsPusher']);
$tags = $this->request->data['Template']['tags'];
Expand Down Expand Up @@ -332,7 +330,7 @@ public function submitEventPopulation($template_id, $event_id) {
}

if (isset($this->request->data['Template']['attributes'])) {
$attributes = unserialize($this->request->data['Template']['attributes']);
$attributes = json_decode($this->request->data['Template']['attributes'], true);
$this->loadModel('Attribute');
$fails = 0;
foreach($attributes as $k => &$attribute) {
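Review bot: The new `json_decode(..., true)` line in submitEventPopulation returns null for malformed JSON and a scalar for a payload such as `1` or `"x"`, and neither case is checked before the `foreach($attributes as $k => &$attribute)` on the following line, which then only emits a warning and lets the action continue with `$fails` still 0. Because the field is request data, add a shape check straight after decoding, e.g. `if (!is_array($attributes)) throw new BadRequestException('Invalid attributes.');`, so a truncated or tampered value fails closed instead of silently populating nothing. Replacing unserialize() does resolve the object-injection issue itself, and the first hunk's removal of 'saveElementSorting' and 'populateEventFromTemplate' from unlockedActions additionally lets the Security component validate those forms again. submitEventPopulation starts and ends outside the hunk, as does the loop body that consumes each `$attribute`.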
Expand Up @@ -29,7 +29,7 @@ endforeach;?>
'id' => 'attributes',
'label' => false,
'type' => 'hidden',
'value' => serialize($attributes),
'value' => json_encode($attributes),
));
?>
</fieldset>
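Review bot: `json_encode($attributes)` on the new line returns `false` when any value is not valid UTF-8 or the structure exceeds the default depth, and the hidden field would then presumably be rendered with an empty value, so the controller's `json_decode` later sees null and the submission silently carries no attributes. Encoding in the controller before the view is rendered, where a `false` result can be turned into an error response, keeps the view a plain renderer; at minimum check `json_last_error() !== JSON_ERROR_NONE` after the call. The file name for this section is not shown on the page, and the helper call this option array belongs to starts above the hunk.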
