firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2020-0115,0120]그누보드RCE및XSS취약점수정

Browse Source
This commit is contained in:
thisgun
2020-03-03 18:41:45 +09:00
parent 1395a8f338
commit b28796dd28
2 changed files with 19 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
lib/Cache/FileCache.class.php
View File

@ -67,8 +67,14 @@ class FileCache
{
return FALSE;
}
$data = unserialize(file_get_contents( $cache_file_path ));
try{
$file_contents = file_get_contents($cache_file_path);
$file_ex = explode("\n\n", $file_contents);
$data = unserialize(base64_decode($file_ex[1]));
} catch(Exception $e){
$data = array('ttl'=>1, 'time'=>time() - 1000);
}
if ($data['ttl'] > 0 && time() > $data['time'] + $data['ttl'])
{
@ -135,7 +141,10 @@ class FileCache
'data' => $data
);
if ($this->write_file($cache_file_path, serialize($contents)))
$cache_content = "<?php if (!defined('_GNUBOARD_')) exit; ?>\n\n";
$cache_content .= base64_encode(serialize($contents));
if ($this->write_file($cache_file_path, $cache_content))
{
chmod($cache_file_path, G5_FILE_PERMISSION);
return TRUE;
@ -167,7 +176,7 @@ class FileCache
if ($ttl !== null) {
$expire = time() + $ttl;
}
return serialize(array($data, $expire));
return base64_encode(serialize(array($data, $expire)));
}
/**
@ -181,7 +190,7 @@ class FileCache
*/
public function decode($data)
{
return unserialize($data);
return unserialize(base64_decode($data));
}
}
?>