Overhauled v0.812.2 fix for local file inclusion vulnerability. For details, see http://www.guanting.com/security/exploit/information/27269.html .
This commit is contained in:
azett
parent
9e8298ec05
commit
23c4c33ee1
@ -3,7 +3,9 @@
|
||||
class user_lister extends fs_filelister {
|
||||
|
||||
var $_varname = 'cache';
|
||||
|
||||
var $_cachefile = null;
|
||||
|
||||
var $_directory = USERS_DIR;
|
||||
|
||||
function bdb_entrylister() {
|
||||
@ -20,24 +22,19 @@
|
||||
|
||||
}
|
||||
|
||||
|
||||
function user_list() {
|
||||
$obj = new user_lister;
|
||||
$obj = new user_lister();
|
||||
if ($users = $obj->getList()) {
|
||||
return $entry_arr;
|
||||
} else return false;
|
||||
|
||||
|
||||
|
||||
} else
|
||||
return false;
|
||||
}
|
||||
|
||||
function user_pwd($userid, $pwd) {
|
||||
return wp_hash($userid . $pwd);
|
||||
}
|
||||
|
||||
|
||||
function user_login($userid, $pwd, $params = null) {
|
||||
|
||||
global $loggedin;
|
||||
|
||||
$loggedin = false;
|
||||
@ -54,7 +51,6 @@
|
||||
|
||||
setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN);
|
||||
setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN);
|
||||
|
||||
}
|
||||
|
||||
return $loggedin;
|
||||
@ -67,16 +63,12 @@
|
||||
|
||||
setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
|
||||
setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
|
||||
|
||||
}
|
||||
|
||||
$loggedin = false;
|
||||
|
||||
}
|
||||
|
||||
|
||||
function user_loggedin() {
|
||||
|
||||
global $loggedin, $fp_user;
|
||||
|
||||
if ($loggedin)
|
||||
@ -87,7 +79,6 @@
|
||||
return $loggedin = false;
|
||||
}
|
||||
|
||||
|
||||
$fp_user = user_get($_COOKIE [USER_COOKIE]);
|
||||
|
||||
if (!$fp_user) {
|
||||
@ -102,31 +93,28 @@
|
||||
$fp_user = null;
|
||||
$loggedin = false;
|
||||
return false;
|
||||
|
||||
}
|
||||
|
||||
|
||||
function user_get($userid = null) {
|
||||
if ($userid == null && ($user = user_loggedin())) {
|
||||
return $user;
|
||||
}
|
||||
if (!preg_match('![/\\.]!', $userid) &&
|
||||
file_exists($f = USERS_DIR . $userid.".php")) {
|
||||
include($f);
|
||||
|
||||
// We need to include the user file.
|
||||
// At first: Get files in fp_content/users (array_slice removes first elements "." and "..")
|
||||
$userfiles = array_slice(scandir(USERS_DIR), 2);
|
||||
// If PHP file for given user exists ...
|
||||
if (in_array($userid . '.php', $userfiles)) {
|
||||
// ... include it
|
||||
include (USERS_DIR . $userid . ".php");
|
||||
return $user;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
function user_add($user) {
|
||||
|
||||
$user ['password'] = user_pwd($user ['userid'], $user ['password']);
|
||||
|
||||
return system_save(USERS_DIR . $user ['userid'] . ".php", compact('user'));
|
||||
|
||||
}
|
||||
|
||||
|
||||
?>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user