remove unsafe unserialize
erankor committed Aug 22, 2017
1 parent 10abc61 commit 6a6d143
Showing 3 changed files with 3 additions and 17 deletions.
16 changes: 1 addition & 15 deletions alpha/apps/kaltura/lib/kalturaAction.class.php
Expand Up @@ -453,21 +453,7 @@ protected function setExpiryCredential ( $cred_name , $ttl_in_sec )

protected function getUserzoneCookie()
{
$cookie = $this->getContext()->getRequest()->getCookie('userzone');
$length = strlen($cookie);
if ($length <= 0)
return null;

$serialized_data = substr($cookie, 0, $length - 32);
$hash_signiture = substr($cookie, $length - 32);

// check the signiture
if (md5($serialized_data . $this->cookieSecret) != $hash_signiture)
return null;

$userzone_data = unserialize(base64_decode($serialized_data));

return array($userzone_data['id'], $userzone_data['email'], $userzone_data['screenname']);
return null;
}

protected function followRedirectCookie()
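Review bot: The new body of getUserzoneCookie() is a bare `return null;` with no explanation of why the cookie is no longer read, so a later maintainer is likely to "restore" the parsing from history, unserialize() included. Add a comment above the return, e.g. `// Intentionally disabled: the cookie payload was fed to unserialize() (object injection); do not re-enable without a non-serialize format (json_decode) and hash_equals() on an HMAC.` Callers that expected the three-element array now always receive null, and the cookieSecret property plus whatever still sets the userzone cookie may now be dead code — that is outside this hunk and worth a follow-up. followRedirectCookie() on the last context line continues outside the hunk.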
Expand Up @@ -28,7 +28,7 @@ public function execute()
}
elseif ( $algo == "wiki_decode" )
{
$res = @unserialize ( base64_decode (str_replace ( array ( "|02" , "|01" ) , array ( "/" , "|" ) , $str ) ) ) ;
$res = null;
}
elseif ( $algo == "wiki_decode_no_serialize" )
{
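Review bot: Setting `$res = null;` makes a request with `algo=wiki_decode` indistinguishable from a decode failure and leaves a branch whose only job is to do nothing. If the algorithm is being retired, the clearer form is to drop the `elseif ( $algo == "wiki_decode" )` branch so the request falls through to whatever handles an unrecognised algo further down (not visible here), or to keep it and say why it is inert: `// wiki_decode removed: it passed request data to unserialize() (object injection); use wiki_decode_no_serialize.` The enclosing execute() starts and ends outside this hunk, so I cannot see how a null $res is reported back to the caller.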
Expand Up @@ -51,7 +51,7 @@ public function doAction(Zend_Controller_Action $action)
}
elseif ( $algo == "wiki_decode" )
{
$res = @unserialize ( base64_decode (str_replace ( array ( "|02" , "|01" ) , array ( "/" , "|" ) , $str ) ) ) ;
$res = null;
}
elseif ( $algo == "wiki_decode_no_serialize" )
{
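Review bot: This is the second copy of the same algo dispatch — the execute() hunk above has an identical `elseif ( $algo == "wiki_decode" )` branch with the same one-line change — which is why the fix had to be applied twice. Consider moving the decode switch into one shared helper so the two call sites cannot drift; the next unsafe decoder added to one copy would otherwise be missed in the other. As with the other copy, a comment on the `$res = null;` line explaining why the branch was neutered would help, e.g. `// unserialize() on request data removed (object injection); use wiki_decode_no_serialize`. doAction() continues outside the hunk.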
