Beanz/flatpress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Overhauled v0.812.2 fix for local file inclusion vulnerability. For details, see http://www.guanting.com/security/exploit/information/27269.html .

Browse Source
This commit is contained in:
azett 2019-12-25 19:39:07 +01:00
parent 9e8298ec05
commit 23c4c33ee1
1 changed files with 98 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
fp-includes/core/core.users.php
View File

@ -3,7 +3,9 @@
class user_lister extends fs_filelister { class user_lister extends fs_filelister {
var $_varname = 'cache'; var $_varname = 'cache';
var $_cachefile = null; var $_cachefile = null;
var $_directory = USERS_DIR; var $_directory = USERS_DIR;
function bdb_entrylister() { function bdb_entrylister() {
@ -20,24 +22,19 @@
} }
function user_list() { function user_list() {
$obj = new user_lister; $obj = new user_lister();
if ($users = $obj->getList()) { if ($users = $obj->getList()) {
return $entry_arr; return $entry_arr;
} else return false; } else
return false;
} }
function user_pwd($userid, $pwd) { function user_pwd($userid, $pwd) {
return wp_hash($userid . $pwd); return wp_hash($userid . $pwd);
} }
function user_login($userid, $pwd, $params = null) { function user_login($userid, $pwd, $params = null) {
global $loggedin; global $loggedin;
$loggedin = false; $loggedin = false;
@ -54,7 +51,6 @@
setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN); setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN);
setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN); setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN);
} }
return $loggedin; return $loggedin;
@ -67,16 +63,12 @@
setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
} }
$loggedin = false; $loggedin = false;
} }
function user_loggedin() { function user_loggedin() {
global $loggedin, $fp_user; global $loggedin, $fp_user;
if ($loggedin) if ($loggedin)
@ -87,7 +79,6 @@
return $loggedin = false; return $loggedin = false;
} }
$fp_user = user_get($_COOKIE [USER_COOKIE]); $fp_user = user_get($_COOKIE [USER_COOKIE]);
if (!$fp_user) { if (!$fp_user) {
@ -102,31 +93,28 @@
$fp_user = null; $fp_user = null;
$loggedin = false; $loggedin = false;
return false; return false;
} }
function user_get($userid = null) { function user_get($userid = null) {
if ($userid == null && ($user = user_loggedin())) { if ($userid == null && ($user = user_loggedin())) {
return $user; return $user;
} }
if (!preg_match('![/\\.]!', $userid) &&
file_exists($f = USERS_DIR . $userid.".php")) {
include($f);
// We need to include the user file.
// At first: Get files in fp_content/users (array_slice removes first elements "." and "..")
$userfiles = array_slice(scandir(USERS_DIR), 2);
// If PHP file for given user exists ...
if (in_array($userid . '.php', $userfiles)) {
// ... include it
include (USERS_DIR . $userid . ".php");
return $user; return $user;
} }
} }
function user_add($user) { function user_add($user) {
$user ['password'] = user_pwd($user ['userid'], $user ['password']); $user ['password'] = user_pwd($user ['userid'], $user ['password']);
return system_save(USERS_DIR . $user ['userid'] . ".php", compact('user')); return system_save(USERS_DIR . $user ['userid'] . ".php", compact('user'));
} }
?> ?>