Admin interface security improved, thanks to Stefan Esser.

This commit is contained in:
Garvin Hicking 2007-07-12 11:23:05 +00:00
parent 472432b1b9
commit 0c41b7b558
5 changed files with 44 additions and 14 deletions


@ -19,6 +19,12 @@ Version 1.3 ()
Version 1.2 () Version 1.2 ()
------------------------------------------------------------------------ ------------------------------------------------------------------------
* Stronger autologin cookie encryption, prevent mixup with template
options (which could make foreign users delete your configured
template option keys). Also use new serendpity_db_implode()
function for a safer API on image handling.
All hail Stefan Esser. :)
* Backend templating changes to insert more classes to input fields * Backend templating changes to insert more classes to input fields
etc (Don Chambers) etc (Don Chambers)


@ -152,4 +152,31 @@ function serendipity_db_get_interval($val, $ival = 900) {
} }
} }
/**
* Operates on an array to prepare it for SQL usage.
*
* @access public
* @param string Concatenation character
* @param array Input array
* @param string How to convert (int: Only numbers, string: serendipity_db_escape_String)
* @return string Imploded string
*/
function serendipity_db_implode($string, &$array, $type = 'int') {
$new_array = array();
if (!is_array($array)) {
return '';
}
foreach($array AS $idx => $key) {
if ($type == 'int') {
$new_array[$idx] = (int)$key;
} else {
$new_array[$idx] = serendipity_db_escape_string($key);
}
}
$string = implode($string, $new_array);
return $string;
}
/* vim: set sts=4 ts=4 expandtab : */ /* vim: set sts=4 ts=4 expandtab : */
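Review bot: `serendipity_db_implode` takes `&$array` by reference although it only reads from it, so callers cannot pass an expression such as the result of `array_keys()` without PHP complaining that only variables may be passed by reference; `$type == 'int'` also relies on loose comparison. Suggested signature and test: `function serendipity_db_implode($string, $array, $type = 'int') {` and `if ($type === 'int') {`. The docblock should name its parameters (`@param string $string Concatenation character`, `@param array $array Input array`, `@param string $type ...`) and state that `'string'` mode escapes each element but adds no quotes, so the caller must supply them, and that any `$type` other than `'int'` falls through to the escaping branch. It is also worth noting under `@return` that a non-array (and an empty array) yields `''`, which turns a caller's `IN (...)` into `IN ()`, a SQL syntax error rather than an empty match.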


@ -420,13 +420,15 @@ function serendipity_issueAutologin($array) {
} }
$package = base64_encode($package); $package = base64_encode($package);
$rnd = md5(time() . $_SERVER['REMOTE_ADDR']); $rnd = md5(uniqid(time(), true) . $_SERVER['REMOTE_ADDR']);
// Delete possible current cookie // Delete possible current cookie. Also delete any autologin keys that smell like 3-week-old, dead fish.
serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options WHERE okey = '" . serendipity_db_escape_string($serendipity['COOKIE']['author_information']) . "'"); serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options
WHERE okey = 'l_" . serendipity_db_escape_string($serendipity['COOKIE']['author_information']) . "'
OR (okey LIKE 'l_%' AND name < " . (time() - 1814400) . ")");
// Issue new autologin cookie // Issue new autologin cookie
serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}options (name, value, okey) VALUES ('" . time() . "', '" . serendipity_db_escape_string($package) . "', '" . $rnd . "')"); serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}options (name, value, okey) VALUES ('" . time() . "', '" . serendipity_db_escape_string($package) . "', 'l_" . $rnd . "')");
serendipity_setCookie('author_information', $rnd); serendipity_setCookie('author_information', $rnd);
} }
@ -438,7 +440,7 @@ function serendipity_checkAutologin($ident, $iv) {
global $serendipity; global $serendipity;
// Fetch login data from DB // Fetch login data from DB
$autologin =& serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}options WHERE okey = '" . serendipity_db_escape_string($ident) . "' LIMIT 1", true, 'assoc'); $autologin =& serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}options WHERE okey = 'l_" . serendipity_db_escape_string($ident) . "' LIMIT 1", true, 'assoc');
if (!is_array($autologin)) { if (!is_array($autologin)) {
return false; return false;
} }
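Review bot: In the new DELETE in serendipity_issueAutologin the pattern `okey LIKE 'l_%'` treats `_` as a single-character wildcard, so it matches every key beginning with `l` plus any one character, not only the `l_` autologin prefix; combined with the `name < <timestamp>` clause, unrelated option rows whose key happens to start with `l` could be removed. Escape the underscore, e.g. `OR (okey LIKE 'l\\_%' AND name < " . (time() - 1814400) . ")");`, and add an explicit `ESCAPE` clause if any backend the db layer supports has no default LIKE escape character. Since the INSERT stores `time()` into `name` as a quoted string, the `name < <integer>` comparison also depends on each backend's string-to-number coercion and is worth confirming per driver. Separately, `$rnd` is an md5 over `uniqid()` and the client's own `REMOTE_ADDR`, neither of which is unpredictable to that client; an autologin token is stronger when drawn from a CSPRNG (`random_bytes()` on PHP 7+, `/dev/urandom` on older builds) than from a timestamp-seeded id.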


@ -92,12 +92,8 @@ function serendipity_fetchImagesFromDatabase($start=0, $limit=0, &$total, $order
} }
} }
foreach($keywords AS $i => $keyword) {
$keywords[$i] = serendipity_db_escape_string($keyword);
}
if (count($keywords) > 0) { if (count($keywords) > 0) {
$cond['parts']['keywords'] = " AND (mk.property IN ('" . implode("', '", $keywords) . "'))\n"; $cond['parts']['keywords'] = " AND (mk.property IN ('" . serendipity_db_implode("', '", $keywords, 'string') . "'))\n";
$cond['joinparts']['keywords'] = true; $cond['joinparts']['keywords'] = true;
} }
@ -239,7 +235,7 @@ function serendipity_fetchImageFromDatabase($id, $mode = 'read') {
if (is_array($id)) { if (is_array($id)) {
$cond = array( $cond = array(
'and' => "WHERE i.id IN (" . implode(',', $id) . ")" 'and' => "WHERE i.id IN (" . serendipity_db_implode(',', $id) . ")"
); );
$single = false; $single = false;
$assocKey = 'id'; $assocKey = 'id';
@ -2476,7 +2472,7 @@ function &serendipity_fetchMediaProperties($id) {
$sql = "SELECT mediaid, property, property_group, property_subgroup, value $sql = "SELECT mediaid, property, property_group, property_subgroup, value
FROM {$serendipity['dbPrefix']}mediaproperties FROM {$serendipity['dbPrefix']}mediaproperties
WHERE mediaid IN (" . (is_array($id) ? implode(',', $id) : (int)$id) . ")"; WHERE mediaid IN (" . (is_array($id) ? serendipity_db_implode(',', $id) : (int)$id) . ")";
$rows = serendipity_db_query($sql, false, 'assoc'); $rows = serendipity_db_query($sql, false, 'assoc');
$props = array(); $props = array();
if (is_array($rows)) { if (is_array($rows)) {
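Review bot: In serendipity_fetchImageFromDatabase the `is_array($id)` branch now calls `serendipity_db_implode(',', $id)`, which returns `''` for an empty array, so an empty `$id` still produces `WHERE i.id IN ()`, invalid SQL on every common backend; the `mediaid IN (...)` query in serendipity_fetchMediaProperties has the same gap, whereas the keywords query in serendipity_fetchImagesFromDatabase is protected by its `count($keywords) > 0` check. Guarding the empty list before the query is built, e.g. `if (is_array($id) && count($id) > 0) {` with an early return for the empty case, would close it. All three enclosing functions start and end outside their hunks.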


@ -16,8 +16,7 @@ if (!headers_sent()) {
// and be regenerated with a system-generated SID. // and be regenerated with a system-generated SID.
// Patch by David Vieira-Kurz of majorsecurity.de // Patch by David Vieira-Kurz of majorsecurity.de
if (!isset($_SESSION['SERVER_GENERATED_SID'])) { if (!isset($_SESSION['SERVER_GENERATED_SID'])) {
session_destroy(); session_regenerate_id(true);
session_regenerate_id();
session_start(); session_start();
header('X-Session-Reinit: true'); header('X-Session-Reinit: true');
$_SESSION['SERVER_GENERATED_SID'] = true; $_SESSION['SERVER_GENERATED_SID'] = true;
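Review bot: `session_regenerate_id(true)` only works on an active session and leaves it active, so the `session_start();` that follows it is now redundant (the old code needed it because `session_destroy()` had closed the session) and PHP will emit a "session had already been started" notice; dropping that line looks right. Regeneration also carries `$_SESSION` over, so any data stored under the unrecognized, possibly client-supplied id now survives under the new id; if the `SERVER_GENERATED_SID` marker is meant to distrust such sessions entirely, `$_SESSION = array();` before the regenerate keeps the previous behaviour. The enclosing `if (!headers_sent())` block begins and ends outside the hunk.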