
Apply safe_unserialize()

Signed-off-by: Jessica González <suki@missallsunday.com>
MissAllSunday committed Jun 12, 2016
1 parent 3d25b81 commit 19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008
Showing with 14 additions and 14 deletions.
  1. +3 −3 Sources/Calendar.php
  2. +4 −4 Sources/Load.php
  3. +4 −4 Sources/LogInOut.php
  4. +1 −1 Sources/Subs-Auth.php
  5. +1 −1 Sources/Subs-Charset.php
  6. +1 −1 Sources/Subs-Menu.php
@@ -500,19 +500,19 @@ function clock()
{
$context['sub_template'] = 'bcd';
$context['linktree'][] = array('url' => $scripturl . '?action=clock;bcd', 'name' => 'BCD');
$context['clockicons'] = unserialize(base64_decode('YTo2OntzOjI6ImgxIjthOjI6e2k6MDtpOjI7aToxO2k6MTt9czoyOiJoMiI7YTo0OntpOjA7aTo4O2k6MTtpOjQ7aToyO2k6MjtpOjM7aToxO31zOjI6Im0xIjthOjM6e2k6MDtpOjQ7aToxO2k6MjtpOjI7aToxO31zOjI6Im0yIjthOjQ6e2k6MDtpOjg7aToxO2k6NDtpOjI7aToyO2k6MztpOjE7fXM6MjoiczEiO2E6Mzp7aTowO2k6NDtpOjE7aToyO2k6MjtpOjE7fXM6MjoiczIiO2E6NDp7aTowO2k6ODtpOjE7aTo0O2k6MjtpOjI7aTozO2k6MTt9fQ=='));
$context['clockicons'] = safe_unserialize(base64_decode('YTo2OntzOjI6ImgxIjthOjI6e2k6MDtpOjI7aToxO2k6MTt9czoyOiJoMiI7YTo0OntpOjA7aTo4O2k6MTtpOjQ7aToyO2k6MjtpOjM7aToxO31zOjI6Im0xIjthOjM6e2k6MDtpOjQ7aToxO2k6MjtpOjI7aToxO31zOjI6Im0yIjthOjQ6e2k6MDtpOjg7aToxO2k6NDtpOjI7aToyO2k6MztpOjE7fXM6MjoiczEiO2E6Mzp7aTowO2k6NDtpOjE7aToyO2k6MjtpOjE7fXM6MjoiczIiO2E6NDp7aTowO2k6ODtpOjE7aTo0O2k6MjtpOjI7aTozO2k6MTt9fQ=='));
}
elseif (!$omfg && !isset($_REQUEST['time']))
{
$context['sub_template'] = 'hms';
$context['linktree'][] = array('url' => $scripturl . '?action=clock', 'name' => 'Binary');
$context['clockicons'] = unserialize(base64_decode('YTozOntzOjE6ImgiO2E6NTp7aTowO2k6MTY7aToxO2k6ODtpOjI7aTo0O2k6MztpOjI7aTo0O2k6MTt9czoxOiJtIjthOjY6e2k6MDtpOjMyO2k6MTtpOjE2O2k6MjtpOjg7aTozO2k6NDtpOjQ7aToyO2k6NTtpOjE7fXM6MToicyI7YTo2OntpOjA7aTozMjtpOjE7aToxNjtpOjI7aTo4O2k6MztpOjQ7aTo0O2k6MjtpOjU7aToxO319'));
$context['clockicons'] = safe_unserialize(base64_decode('YTozOntzOjE6ImgiO2E6NTp7aTowO2k6MTY7aToxO2k6ODtpOjI7aTo0O2k6MztpOjI7aTo0O2k6MTt9czoxOiJtIjthOjY6e2k6MDtpOjMyO2k6MTtpOjE2O2k6MjtpOjg7aTozO2k6NDtpOjQ7aToyO2k6NTtpOjE7fXM6MToicyI7YTo2OntpOjA7aTozMjtpOjE7aToxNjtpOjI7aTo4O2k6MztpOjQ7aTo0O2k6MjtpOjU7aToxO319'));
}
elseif ($omfg)
{
$context['sub_template'] = 'omfg';
$context['linktree'][] = array('url' => $scripturl . '?action=clock;omfg', 'name' => 'OMFG');
$context['clockicons'] = unserialize(base64_decode('YTo2OntzOjQ6InllYXIiO2E6Nzp7aTowO2k6NjQ7aToxO2k6MzI7aToyO2k6MTY7aTozO2k6ODtpOjQ7aTo0O2k6NTtpOjI7aTo2O2k6MTt9czo1OiJtb250aCI7YTo0OntpOjA7aTo4O2k6MTtpOjQ7aToyO2k6MjtpOjM7aToxO31zOjM6ImRheSI7YTo1OntpOjA7aToxNjtpOjE7aTo4O2k6MjtpOjQ7aTozO2k6MjtpOjQ7aToxO31zOjQ6ImhvdXIiO2E6NTp7aTowO2k6MTY7aToxO2k6ODtpOjI7aTo0O2k6MztpOjI7aTo0O2k6MTt9czozOiJtaW4iO2E6Njp7aTowO2k6MzI7aToxO2k6MTY7aToyO2k6ODtpOjM7aTo0O2k6NDtpOjI7aTo1O2k6MTt9czozOiJzZWMiO2E6Njp7aTowO2k6MzI7aToxO2k6MTY7aToyO2k6ODtpOjM7aTo0O2k6NDtpOjI7aTo1O2k6MTt9fQ=='));
$context['clockicons'] = safe_unserialize(base64_decode('YTo2OntzOjQ6InllYXIiO2E6Nzp7aTowO2k6NjQ7aToxO2k6MzI7aToyO2k6MTY7aTozO2k6ODtpOjQ7aTo0O2k6NTtpOjI7aTo2O2k6MTt9czo1OiJtb250aCI7YTo0OntpOjA7aTo4O2k6MTtpOjQ7aToyO2k6MjtpOjM7aToxO31zOjM6ImRheSI7YTo1OntpOjA7aToxNjtpOjE7aTo4O2k6MjtpOjQ7aTozO2k6MjtpOjQ7aToxO31zOjQ6ImhvdXIiO2E6NTp7aTowO2k6MTY7aToxO2k6ODtpOjI7aTo0O2k6MztpOjI7aTo0O2k6MTt9czozOiJtaW4iO2E6Njp7aTowO2k6MzI7aToxO2k6MTY7aToyO2k6ODtpOjM7aTo0O2k6NDtpOjI7aTo1O2k6MTt9czozOiJzZWMiO2E6Njp7aTowO2k6MzI7aToxO2k6MTY7aToyO2k6ODtpOjM7aTo0O2k6NDtpOjI7aTo1O2k6MTt9fQ=='));
}
elseif (isset($_REQUEST['time']))
{
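Review bot: In all three branches of `clock()` the icon table is still an opaque base64-encoded serialized blob that is decoded at run time. Because the input is a constant in the source, moving to `safe_unserialize()` does not change its risk, but the data stays unreadable to anyone auditing the file. A plain array literal would remove the deserialization call altogether; the first blob appears to decode to an array beginning `'h1' => array(2, 1), 'h2' => array(8, 4, 2, 1)`. The same applies to the `createMenu()` hunk, whose blob appears to carry a label, a URL and an `<img>` tag. `clock()` continues outside this hunk.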
@@ -381,7 +381,7 @@ function loadUserSettings()
$cookie_data = smf_json_decode($_COOKIE[$cookiename], true);
if (is_null($cookie_data))
$cookie_data = @unserialize($_COOKIE[$cookiename]);
$cookie_data = safe_unserialize($_COOKIE[$cookiename]);
list ($id_member, $password) = $cookie_data;
$id_member = !empty($id_member) && strlen($password) > 0 ? (int) $id_member : 0;
@@ -392,7 +392,7 @@ function loadUserSettings()
$cookie_data = smf_json_decode($_SESSION['login_' . $cookiename]);
if (is_null($cookie_data))
$cookie_data = @unserialize($_SESSION['login_' . $cookiename]);
$cookie_data = safe_unserialize($_SESSION['login_' . $cookiename]);
list ($id_member, $password, $login_span) = $cookie_data;
$id_member = !empty($id_member) && strlen($password) == 128 && $login_span > time() ? (int) $id_member : 0;
@@ -463,7 +463,7 @@ function loadUserSettings()
$tfa_data = smf_json_decode($_COOKIE[$tfacookie]);
if (is_null($tfa_data))
$tfa_data = @unserialize($_COOKIE[$tfacookie]);
$tfa_data = safe_unserialize($_COOKIE[$tfacookie]);
list ($tfamember, $tfasecret) = $tfa_data;
@@ -620,7 +620,7 @@ function loadUserSettings()
$tfa_data = smf_json_decode($_COOKIE[$cookiename . '_tfa'], true);
if (is_null($tfa_data))
$tfa_data = @unserialize($_COOKIE[$cookiename . '_tfa']);
$tfa_data = safe_unserialize($_COOKIE[$cookiename . '_tfa']);
list ($id, $user, $exp, $state, $preserve) = $tfa_data;
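Review bot: The result of `safe_unserialize()` is passed straight to `list()` in all four `loadUserSettings()` hunks, with no check that it is an array of the expected shape. The cookie values are client-controlled, so the legacy fallback can presumably yield `false` on rejected input (the `fix_serialized_columns()` hunk compares the result with `=== false`), a scalar, or an array whose elements are themselves arrays, and those then reach `strlen($password)` and the `(int)` cast. A guard before each destructuring, e.g. `if (!is_array($cookie_data)) $cookie_data = array();`, would make the failure path explicit instead of relying on `list()` filling in nulls. The same pattern appears in the `Login2()` and `Logout()` hunks, and `setLoginCookie()` indexes `$array[3]` without an `is_array()` check. The function bodies continue outside the hunks.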
@@ -103,15 +103,15 @@ function Login2()
// That didn't work... Maybe it's using serialize?
if (is_null($timeout))
list (, , $timeout) = @unserialize($_COOKIE[$cookiename]);
list (, , $timeout) = safe_unserialize($_COOKIE[$cookiename]);
}
elseif (isset($_SESSION['login_' . $cookiename]))
{
list (, , $timeout) = smf_json_decode($_SESSION['login_' . $cookiename]);
// Try for old format
if (is_null($timeout))
list (, , $timeout) = @unserialize($_SESSION['login_' . $cookiename]);
list (, , $timeout) = safe_unserialize($_SESSION['login_' . $cookiename]);
}
else
trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR);
@@ -126,7 +126,7 @@ function Login2()
// If that didn't work, try unserialize instead...
if (is_null($tfadata))
$tfadata = @unserialize($_COOKIE[$cookiename . '_tfa']);
$tfadata = safe_unserialize($_COOKIE[$cookiename . '_tfa']);
list ($tfamember, $tfasecret, $exp, $state, $preserve) = $tfadata;
@@ -689,7 +689,7 @@ function Logout($internal = false, $redirect = true)
// If that failed, try the old method
if (is_null($tfadata))
$tfadata = @unserialize($_COOKIE[$cookiename . '_tfa']);
$tfadata = safe_unserialize($_COOKIE[$cookiename . '_tfa']);
list ($tfamember, $tfasecret, $exp, $state, $preserve) = $tfadata;
@@ -44,7 +44,7 @@ function setLoginCookie($cookie_length, $id, $password = '')
// Legacy format
if (is_null($array))
$array = @unserialize($_COOKIE[$cookiename]);
$array = safe_unserialize($_COOKIE[$cookiename]);
// Out with the old, in with the new!
if (isset($array[3]) && $array[3] != $cookie_state)
@@ -569,7 +569,7 @@ function fix_serialized_columns()
);
while ($row = $smcFunc['db_fetch_assoc']($request))
{
if (@unserialize($row['extra']) === false && preg_match('~^(a:3:{s:5:"topic";i:\d+;s:7:"subject";s:)(\d+):"(.+)"(;s:6:"member";s:5:"\d+";})$~', $row['extra'], $matches) === 1)
if (safe_unserialize($row['extra']) === false && preg_match('~^(a:3:{s:5:"topic";i:\d+;s:7:"subject";s:)(\d+):"(.+)"(;s:6:"member";s:5:"\d+";})$~', $row['extra'], $matches) === 1)
$smcFunc['db_query']('', '
UPDATE {db_prefix}log_actions
SET extra = {string:extra}
@@ -122,7 +122,7 @@ function createMenu($menuData, $menuOptions = array())
// Does this area have its own icon?
if (!isset($area['force_menu_into_arms_of_another_menu']) && $user_info['name'] == 'iamanoompaloompa')
$menu_context['sections'][$section_id]['areas'][$area_id] = unserialize(base64_decode('YTozOntzOjU6ImxhYmVsIjtzOjEyOiJPb21wYSBMb29tcGEiO3M6MzoidXJsIjtzOjQzOiJodHRwOi8vZW4ud2lraXBlZGlhLm9yZy93aWtpL09vbXBhX0xvb21wYXM/IjtzOjQ6Imljb24iO3M6ODY6IjxpbWcgc3JjPSJodHRwOi8vd3d3LnNpbXBsZW1hY2hpbmVzLm9yZy9pbWFnZXMvb29tcGEuZ2lmIiBhbHQ9IkknbSBhbiBPb21wYSBMb29tcGEiIC8+Ijt9'));
$menu_context['sections'][$section_id]['areas'][$area_id] = safe_unserialize(base64_decode('YTozOntzOjU6ImxhYmVsIjtzOjEyOiJPb21wYSBMb29tcGEiO3M6MzoidXJsIjtzOjQzOiJodHRwOi8vZW4ud2lraXBlZGlhLm9yZy93aWtpL09vbXBhX0xvb21wYXM/IjtzOjQ6Imljb24iO3M6ODY6IjxpbWcgc3JjPSJodHRwOi8vd3d3LnNpbXBsZW1hY2hpbmVzLm9yZy9pbWFnZXMvb29tcGEuZ2lmIiBhbHQ9IkknbSBhbiBPb21wYSBMb29tcGEiIC8+Ijt9'));
elseif (isset($area['icon']) && file_exists($settings['theme_dir'] . '/images/admin/' . $area['icon']))
$menu_context['sections'][$section_id]['areas'][$area_id]['icon'] = '<img src="' . $settings['images_url'] . '/admin/' . $area['icon'] . '" alt="">';
elseif (isset($area['icon']) && file_exists($settings['default_theme_dir'] . '/images/admin/' . $area['icon']))
