
Fix object injection vulnerability

yurabakhtin committed Sep 28, 2016
1 parent 6bf5e57 commit 25c21cf9cc4261324001f9039509710b37ee2c4d
Showing with 12 additions and 4 deletions.
  1. +12 −4 htsrv/call_plugin.php
@@ -30,13 +30,21 @@
param( 'method', 'string', '' );
param( 'params', 'string', null ); // serialized
if( is_null($params) )
{ // Default:
if( is_null( $params ) )
{ // Use empty array by default if params are not sent by request:
$params = array();
}
else
{ // params given. This may result in "false", but this means that unserializing failed.
$params = @unserialize($params);
{ // Params given:
if( substr( $params, 0, 2 ) == 'a:' )
{ // Allow to unserialize only arrays, to avoid object injection vulnerability:
// (This may result in "false", but this means that unserializing failed)
$params = @unserialize( $params );
}
else
{ // Restrict all non array params to empty array:
$params = array();
}
}
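Review bot: The `substr( $params, 0, 2 ) == 'a:'` guard in the new else branch inspects only the outermost serialized type, so a serialized array whose elements are serialized objects is still handed to `@unserialize()` and those nested objects are still instantiated; the object injection this commit targets is narrowed rather than closed. Where the supported PHP floor is 7.0 or later, `unserialize( $params, array( 'allowed_classes' => false ) )` refuses every class regardless of nesting, which is the check a reader would expect behind the "avoid object injection vulnerability" comment. A trailing `is_array()` check would also cover the `false` that a failed unserialize leaves in `$params`, which the "Restrict all non array params to empty array" comment promises but the current branch does not deliver, and the loose `==` should be `===`. The hunk's trailing context appears truncated on this page, so the statement following the outer `}` is not visible.
```php
else
{ // Params given:
	// Decode arrays only and refuse every class, nested or not (allowed_classes needs PHP 7.0+):
	$params = @unserialize( $params, array( 'allowed_classes' => false ) );
	if( ! is_array( $params ) )
	{ // Malformed input or a non-array payload: fall back to an empty array
		$params = array();
	}
}
```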
