torrentpier/torrentpier-lts
1
0
Fork 0
mirror of https://github.com/torrentpier/torrentpier-lts.git synced 2025-02-28 15:10:54 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Updated

Browse Source
This commit is contained in:
Roman Kelesidis 2024-07-13 19:59:41 +07:00
parent fddb49331f
commit 864844e6dd
3 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -4,6 +4,7 @@
[Full Changelog](https://github.com/torrentpier/torrentpier-lts/compare/v2.1.5-2024.07...v2.1.5-2024.0X) [Full Changelog](https://github.com/torrentpier/torrentpier-lts/compare/v2.1.5-2024.07...v2.1.5-2024.0X)
- Release v2.1.5-2024.0X 🎉 - Release v2.1.5-2024.0X 🎉
- CWE-502 Fixed: Deserialization of untrusted data
- Admin panel -> Ranks: Added support for images in URLs - Admin panel -> Ranks: Added support for images in URLs
- Fixed broken "Disable Board" function - Fixed broken "Disable Board" function
- Some other changes / improvements - Some other changes / improvements

4
library/includes/functions.php
View File

@ -47,7 +47,7 @@ function get_tracks ($type)
default: default:
trigger_error(__FUNCTION__ .": invalid type '$type'", E_USER_ERROR); trigger_error(__FUNCTION__ .": invalid type '$type'", E_USER_ERROR);
} }
$tracks = !empty($_COOKIE[$c_name]) ? @unserialize($_COOKIE[$c_name]) : false; $tracks = !empty($_COOKIE[$c_name]) ? json_decode($_COOKIE[$c_name], true) : false;
return ($tracks) ? $tracks : array(); return ($tracks) ? $tracks : array();
} }
@ -95,7 +95,7 @@ function set_tracks ($cookie_name, &$tracking_ary, $tracks = null, $val = TIMENO
if (array_diff($tracking_ary, $prev_tracking_ary)) if (array_diff($tracking_ary, $prev_tracking_ary))
{ {
bb_setcookie($cookie_name, serialize($tracking_ary)); bb_setcookie($cookie_name, json_encode($tracking_ary));
} }
} }

4
library/includes/sessions.php
View File

@ -453,7 +453,7 @@ class user_common
*/ */
function get_sessiondata () function get_sessiondata ()
{ {
$sd_resv = !empty($_COOKIE[COOKIE_DATA]) ? @unserialize($_COOKIE[COOKIE_DATA]) : array(); $sd_resv = !empty($_COOKIE[COOKIE_DATA]) ? json_decode($_COOKIE[COOKIE_DATA], true) : array();
// autologin_id // autologin_id
if (!empty($sd_resv['uk']) && verify_id($sd_resv['uk'], LOGIN_KEY_LENGTH)) if (!empty($sd_resv['uk']) && verify_id($sd_resv['uk'], LOGIN_KEY_LENGTH))
@ -526,7 +526,7 @@ class user_common
// Set bb_data (session) cookie // Set bb_data (session) cookie
$c_sdata_resv = !empty($_COOKIE[COOKIE_DATA]) ? $_COOKIE[COOKIE_DATA] : null; $c_sdata_resv = !empty($_COOKIE[COOKIE_DATA]) ? $_COOKIE[COOKIE_DATA] : null;
$c_sdata_curr = ($this->sessiondata) ? serialize($this->sessiondata) : ''; $c_sdata_curr = ($this->sessiondata) ? json_encode($this->sessiondata) : '';
if ($c_sdata_curr !== $c_sdata_resv) if ($c_sdata_curr !== $c_sdata_resv)
{ {