File: 1047_CVE-2019-14466-1_replace_unserialize_with_json_encode%2Bjson_decode.patch

From e1504e9765db2adde8b4685b5c93fbba57df868b Mon Sep 17 00:00:00 2001
From: Fabian Henneke <fabian@henneke.me>
Date: Mon, 29 Jul 2019 15:54:29 +0200
Subject: [PATCH] Replace (un)serialize with json_encode/json_decode

---
 gosa-core/html/index.php | 4 ++--
 gosa-core/html/main.php  | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

--- a/gosa-core/html/index.php
+++ b/gosa-core/html/index.php
@@ -338,9 +338,9 @@
                 if(isset($_COOKIE['GOsa_Filter_Settings']) || isset($HTTP_COOKIE_VARS['GOsa_Filter_Settings'])) {
 
                     if(isset($_COOKIE['GOsa_Filter_Settings'])) {
-                        $cookie_all = unserialize(base64_decode($_COOKIE['GOsa_Filter_Settings']));
+                        $cookie_all = json_decode(base64_decode($_COOKIE['GOsa_Filter_Settings']));
                     }else{
-                        $cookie_all = unserialize(base64_decode($HTTP_COOKIE_VARS['GOsa_Filter_Settings']));
+                        $cookie_all = json_decode(base64_decode($HTTP_COOKIE_VARS['GOsa_Filter_Settings']));
                     }
                     if(isset($cookie_all[$ui->dn])) {
                         $cookie = $cookie_all[$ui->dn];
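Review bot: Both `json_decode()` calls omit the second argument, so a JSON object decodes to a `stdClass`, and the `isset($cookie_all[$ui->dn])` and `$cookie_all[$ui->dn]` accesses that follow use array syntax on it, which PHP rejects for objects that do not implement ArrayAccess. Pass the associative flag on both branches, e.g. `$cookie_all = json_decode(base64_decode($_COOKIE['GOsa_Filter_Settings']), true);`. The same applies to the two `json_decode()` calls in gosa-core/html/main.php, where `$cookie[$ui->dn]['plug']` is assigned further down. The enclosing `if` block starts and ends outside this hunk.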
--- a/gosa-core/html/main.php
+++ b/gosa-core/html/main.php
@@ -480,9 +480,9 @@
 $cookie = array();
 
 if(isset($_COOKIE['GOsa_Filter_Settings'])){
-  $cookie = unserialize(base64_decode($_COOKIE['GOsa_Filter_Settings']));
+  $cookie = json_decode(base64_decode($_COOKIE['GOsa_Filter_Settings']));
 }elseif(isset($HTTP_COOKIE_VARS['GOsa_Filter_Settings'])){
-  $cookie = unserialize(base64_decode($HTTP_COOKIE_VARS['GOsa_Filter_Settings']));
+  $cookie = json_decode(base64_decode($HTTP_COOKIE_VARS['GOsa_Filter_Settings']));
 }
 
 /* Save filters? */
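Review bot: A malformed cookie makes `json_decode()` return `null`, and a cookie holding a JSON scalar returns that scalar; either result overwrites the `$cookie = array();` default set just above. The value is client-supplied, so its shape should be checked after the if/elseif and before anything indexes it by `$ui->dn`, e.g. `if (!is_array($cookie)) { $cookie = array(); }`. That check only lets real settings through when `true` is passed as the second argument of `json_decode()`, since otherwise a JSON object arrives as `stdClass`.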
@@ -496,7 +496,7 @@
   if(isset($_GET['plug'])){
     $cookie[$ui->dn]['plug'] = $_GET['plug'];
   }
-  @setcookie("GOsa_Filter_Settings",base64_encode(serialize($cookie)),time() + (60*60*24));
+  @setcookie("GOsa_Filter_Settings",base64_encode(json_encode($cookie)),time() + (60*60*24));
 }
 
 /* Show page... */
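Review bot: The `setcookie()` call still passes only name, value and expiry, so the filter cookie is sent without the HttpOnly or Secure attributes and with no integrity protection; whatever is decoded from it on the next request remains fully client-controlled. If no client-side script reads the cookie, the remaining arguments can be supplied, e.g. `@setcookie("GOsa_Filter_Settings", $value, time() + (60*60*24), "", "", true, true);` with `$value` standing for the existing base64/JSON expression, and Secure set only where the site is served over HTTPS. The `@` also hides a failed `json_encode()`, which returns `false` and would end up as an empty cookie value. The enclosing `if` starts outside this hunk.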