
Merge pull request #2 from macopedia/SUPEE-1533
SUPEE-1533 - Addresses two potential remote code execution exploits
LeeSaferite committed Nov 4, 2014
2 parents f2ea602 + ccab57b commit b317310
Showing 2 changed files with 3 additions and 2 deletions.
2 changes: 1 addition & 1 deletion app/code/core/Mage/Adminhtml/Block/Dashboard/Graph.php
Expand Up @@ -444,7 +444,7 @@ public function getChartUrl($directUrl = true)
}
return self::API_URL . '?' . implode('&', $p);
} else {
$gaData = urlencode(base64_encode(serialize($params)));
$gaData = urlencode(base64_encode(json_encode($params)));
$gaHash = Mage::helper('adminhtml/dashboard_data')->getChartDataHash($gaData);
$params = array('ga' => $gaData, 'h' => $gaHash);
return $this->getUrl('*/*/tunnel', array('_query' => $params));
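Review bot: `json_encode($params)` on the new line can return `false` (for example when a value is not valid UTF-8), and `base64_encode(false)` yields `''`, so the block would still hash and emit a tunnel URL with an empty `ga` value instead of surfacing the failure; capture the result first, `$json = json_encode($params);`, and bail out or throw when it is `false` before encoding and hashing. A short comment would also record why the format changed, since nothing in the method says so: `// JSON, not serialize(): the tunnel action decodes this value straight from the request and must not unserialize() it`. getChartUrl's body continues outside the hunk on both sides.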
Expand Up @@ -92,7 +92,8 @@ public function tunnelAction()
if ($gaData && $gaHash) {
$newHash = Mage::helper('adminhtml/dashboard_data')->getChartDataHash($gaData);
if ($newHash == $gaHash) {
if ($params = unserialize(base64_decode(urldecode($gaData)))) {
$params = json_decode(base64_decode(urldecode($gaData)), true);
if ($params) {
$response = $httpClient->setUri(Mage_Adminhtml_Block_Dashboard_Graph::API_URL)
->setParameterGet($params)
->setConfig(array('timeout' => 5))
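Review bot: The new `json_decode(..., true)` result is only truth-tested on the following line, so a JSON scalar (a non-empty string or a number) passes the check and reaches `setParameterGet($params)`, which presumably expects an array; tighten it to `if (is_array($params) && $params) {`. The gate the new code depends on, `if ($newHash == $gaHash)` two lines above, compares a request-supplied value with `==`, under which numeric-looking strings are compared as numbers and the comparison is not constant-time; `if (hash_equals($newHash, (string) $gaHash)) {` is the safer form where the project's PHP version allows it. tunnelAction begins before this hunk and the rest of its body, including the failure paths, is outside it.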
