Fix object injection vulnerability
yurabakhtin committed Sep 28, 2016
1 parent 6bf5e57 commit 25c21cf
Showing 1 changed file with 12 additions and 4 deletions.
16 changes: 12 additions & 4 deletions htsrv/call_plugin.php
Expand Up @@ -30,13 +30,21 @@
param( 'method', 'string', '' );
param( 'params', 'string', null ); // serialized

if( is_null($params) )
{ // Default:
if( is_null( $params ) )
{ // Use empty array by default if params are not sent by request:
$params = array();
}
else
{ // params given. This may result in "false", but this means that unserializing failed.
$params = @unserialize($params);
{ // Params given:
if( substr( $params, 0, 2 ) == 'a:' )
{ // Allow to unserialize only arrays, to avoid object injection vulnerability:
// (This may result in "false", but this means that unserializing failed)
$params = @unserialize( $params );
}
else
{ // Restrict all non array params to empty array:
$params = array();
}
}


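Review bot: The `substr( $params, 0, 2 ) == 'a:'` guard at the top of the new branch only inspects the outermost serialized type, so a payload such as `a:1:{i:0;O:8:"stdClass":0:{}}` still passes it and `unserialize()` will instantiate the nested object — the object injection is pushed one level down rather than closed. On PHP 7.0+ the robust fix is `$params = @unserialize( $params, array( 'allowed_classes' => false ) );`, which maps every class at any depth to `__PHP_Incomplete_Class` (no `__wakeup`/`__destruct` gadgets run); if older PHP must still be supported, filtering serialized strings by prefix is not a safe substitute, and the endpoint would be better moved to `json_decode( $params, true )` provided the callers can be changed. The result should also be validated after decoding with `if( ! is_array( $params ) ) { $params = array(); }`, since a failed unserialize yields `false` and the code following this hunk presumably expects an array. The surrounding script continues past the end of the hunk, so where `$params` is consumed is not visible here.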
