
Switch update checks to json to prevent object injection hacks.

1 parent c7748bf commit b9a10dabb15c697347bfa7baef69a6e211b2f804 @tburry tburry committed Mar 22, 2013
Showing with 2 additions and 34 deletions.
  1. +1 −33 applications/dashboard/controllers/class.utilitycontroller.php
  2. +1 −1 index.php
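--- a/applications/dashboard/controllers/class.utilitycontroller.php
+++ b/applications/dashboard/controllers/class.utilitycontroller.php
@@ -314,50 +314,18 @@ public function UpdateProxy() {
 */
 public function UpdateResponse() {
 // Get the message, response, and transientkey
-$Messages = TrueStripSlashes(GetValue('Messages', $_POST));
 $Response = TrueStripSlashes(GetValue('Response', $_POST));
 $TransientKey = GetIncomingValue('TransientKey', '');
 // If the key validates
 $Session = Gdn::Session();
 if ($Session->ValidateTransientKey($TransientKey)) {
-// If messages wasn't empty
-if ($Messages != '') {
-// Unserialize them & save them if necessary
-$Messages = Gdn_Format::Unserialize($Messages);
-if (is_array($Messages)) {
-$MessageModel = new MessageModel();
-foreach ($Messages as $Message) {
-// Check to see if it already exists, and if not, add it.
-if (is_object($Message))
-$Message = Gdn_Format::ObjectAsArray($Message);
-
-$Content = ArrayValue('Content', $Message, '');
-if ($Content != '') {
-$Data = $MessageModel->GetWhere(array('Content' => $Content));
-if ($Data->NumRows() == 0) {
-$MessageModel->Save(array(
-'Content' => $Content,
-'AllowDismiss' => ArrayValue('AllowDismiss', $Message, '1'),
-'Enabled' => ArrayValue('Enabled', $Message, '1'),
-'Application' => ArrayValue('Application', $Message, 'Dashboard'),
-'Controller' => ArrayValue('Controller', $Message, 'Settings'),
-'Method' => ArrayValue('Method', $Message, ''),
-'AssetTarget' => ArrayValue('AssetTarget', $Message, 'Content'),
-'CssClass' => ArrayValue('CssClass', $Message, '')
-));
-}
-}
-}
-}
-}
-
 // Save some info to the configuration file
 $Save = array();
 // If the response wasn't empty, save it in the config
 if ($Response != '')
-$Save['Garden.RequiredUpdates'] = Gdn_Format::Unserialize($Response);
+$Save['Garden.RequiredUpdates'] = @json_decode($Response);
 // Record the current update check time in the config.
 $Save['Garden.UpdateCheckDate'] = time();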
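Review bot: The new `@json_decode($Response)` line stores whatever decoding yields, including the null that `json_decode()` returns for malformed input, straight into `Garden.RequiredUpdates`, and the `@` suppresses nothing useful here because a decode failure is reported through `json_last_error()` rather than a warning. `$Response` is POST data gated only by the transient key, so I would check the decode before saving: `$Decoded = json_decode($Response);` / `if (json_last_error() === JSON_ERROR_NONE && (is_array($Decoded) || is_object($Decoded)))` / `    $Save['Garden.RequiredUpdates'] = $Decoded;`. Replacing `Gdn_Format::Unserialize` with JSON does remove the object-injection path named in the commit title; what remains is validating the decoded shape before it lands in the config. `UpdateResponse()` continues past the end of the hunk.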
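--- a/index.php
+++ b/index.php
@@ -1,6 +1,6 @@
 <?php
 define('APPLICATION', 'Vanilla');
-define('APPLICATION_VERSION', '2.0.18.5');
+define('APPLICATION_VERSION', '2.0.18.6');
 /*
 Copyright 2008, 2009 Vanilla Forums Inc.
 This file is part of Garden.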
