Version 1.2 ()
------------------------------------------------------------------------
+ * Stronger autologin cookie encryption, prevent mixup with template
+ options (which could make foreign users delete your configured
+ template option keys). Also use new serendpity_db_implode()
+ function for a safer API on image handling.
+ All hail Stefan Esser. :)
+
* Backend templating changes to insert more classes to input fields
etc (Don Chambers)
}
}
+/**
+ * Operates on an array to prepare it for SQL usage.
+ *
+ * @access public
+ * @param string Concatenation character
+ * @param array Input array
+ * @param string How to convert (int: Only numbers, string: serendipity_db_escape_String)
+ * @return string Imploded string
+ */
+function serendipity_db_implode($string, &$array, $type = 'int') {
+ $new_array = array();
+ if (!is_array($array)) {
+ return '';
+ }
+
+ foreach($array AS $idx => $key) {
+ if ($type == 'int') {
+ $new_array[$idx] = (int)$key;
+ } else {
+ $new_array[$idx] = serendipity_db_escape_string($key);
+ }
+ }
+
+ $string = implode($string, $new_array);
+ return $string;
+}
+
/* vim: set sts=4 ts=4 expandtab : */
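Review bot: `serendipity_db_implode` declares `$array` by reference at L22 although the body only reads it, which gains nothing and stops callers from passing a literal or a function result; drop the `&` and make the mode check strict, i.e. `function serendipity_db_implode($string, $array, $type = 'int') {` and `if ($type === 'int') {`. The docblock should also spell out two contract details the `IN (...)` call sites depend on: the result carries no quotes, so `'string'` mode callers must add the quoting themselves, and an empty or non-array input yields `''`, which placed inside `IN ()` is a SQL syntax error, so callers must check for emptiness first. Something like `Values are escaped but not quoted; empty or non-array input returns '' and must not be used to build an IN () clause.` under `@return` would cover it.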
}
$package = base64_encode($package);
- $rnd = md5(time() . $_SERVER['REMOTE_ADDR']);
+ $rnd = md5(uniqid(time(), true) . $_SERVER['REMOTE_ADDR']);
- // Delete possible current cookie
- serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options WHERE okey = '" . serendipity_db_escape_string($serendipity['COOKIE']['author_information']) . "'");
+ // Delete possible current cookie. Also delete any autologin keys that smell like 3-week-old, dead fish.
+ serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options
+ WHERE okey = 'l_" . serendipity_db_escape_string($serendipity['COOKIE']['author_information']) . "'
+ OR (okey LIKE 'l_%' AND name < " . (time() - 1814400) . ")");
// Issue new autologin cookie
- serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}options (name, value, okey) VALUES ('" . time() . "', '" . serendipity_db_escape_string($package) . "', '" . $rnd . "')");
+ serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}options (name, value, okey) VALUES ('" . time() . "', '" . serendipity_db_escape_string($package) . "', 'l_" . $rnd . "')");
serendipity_setCookie('author_information', $rnd);
}
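Review bot: The cleanup predicate at L50, `okey LIKE 'l_%'`, treats `_` as the single-character LIKE wildcard, so it matches any okey that starts with `l` plus one further character rather than only the literal `l_` autologin prefix; since `name` is written as a quoted string (L53) and backends such as MySQL coerce a non-numeric string to 0 in `name < <timestamp>`, an unrelated option row whose okey happens to start with `l` could be deleted on login, the same class of key mixup the changelog says this commit fixes. Escape the underscore, e.g. `OR (okey LIKE 'l\\_%' AND name < " . (time() - 1814400) . ")");`, with an `ESCAPE` clause where a backend requires one, and confirm the string-vs-integer comparison on `name` is accepted by every supported backend. Separately, the autologin token `$rnd` at L44 is derived from `uniqid()`, `time()` and the remote address, none of which is a cryptographic random source; where the runtime offers one (`random_bytes()` on PHP 7+), hash that instead so the cookie value does not depend on the login time. The enclosing function starts outside the hunk.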
global $serendipity;
// Fetch login data from DB
- $autologin =& serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}options WHERE okey = '" . serendipity_db_escape_string($ident) . "' LIMIT 1", true, 'assoc');
+ $autologin =& serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}options WHERE okey = 'l_" . serendipity_db_escape_string($ident) . "' LIMIT 1", true, 'assoc');
if (!is_array($autologin)) {
return false;
}
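Review bot: The lookup at L59 selects the autologin row by key alone and never checks its age, so a row older than the three-week window remains valid until some later login happens to run the cleanup on the issuing side; enforce the expiry at read time as well, e.g. `WHERE okey = 'l_" . serendipity_db_escape_string($ident) . "' AND name >= " . (time() - 1814400) . " LIMIT 1"`. `name` holds the issue timestamp written as a quoted string (L53 of this commit), so confirm that comparing it with an unquoted integer behaves on each supported backend, and consider naming the 1814400 window once rather than repeating the literal. The enclosing function starts outside the hunk.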
}
}
- foreach($keywords AS $i => $keyword) {
- $keywords[$i] = serendipity_db_escape_string($keyword);
- }
-
if (count($keywords) > 0) {
- $cond['parts']['keywords'] = " AND (mk.property IN ('" . implode("', '", $keywords) . "'))\n";
+ $cond['parts']['keywords'] = " AND (mk.property IN ('" . serendipity_db_implode("', '", $keywords, 'string') . "'))\n";
$cond['joinparts']['keywords'] = true;
}
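Review bot: The removed loop at L65-L67 escaped `$keywords` in place, whereas the replacement at L71 leaves `$keywords` untouched and only escapes inside the helper; if later code in this function reuses `$keywords` and relied on it already being escaped, it now sees the raw values — worth verifying, since the function continues outside the hunk. The `count($keywords) > 0` guard at L69 is what keeps the helper's empty-input result (`''`) out of `IN ()`, so it should stay with the call; a one-line comment such as `// guard: serendipity_db_implode() returns '' for empty input, which would yield IN ('')` would make that dependency explicit.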
if (is_array($id)) {
$cond = array(
- 'and' => "WHERE i.id IN (" . implode(',', $id) . ")"
+ 'and' => "WHERE i.id IN (" . serendipity_db_implode(',', $id) . ")"
);
$single = false;
$assocKey = 'id';
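Review bot: The `is_array($id)` test at L74 admits an empty array, and `serendipity_db_implode(',', $id)` at L77 then returns `''`, so the clause becomes `WHERE i.id IN ()`, a SQL syntax error; the same applies to the ternary at L84 in the mediaproperties query. Either reject an empty list up front (`if (is_array($id) && count($id) === 0) { return array(); }` or whatever empty result the function's contract expects) or tighten the branch to `if (is_array($id) && count($id) > 0) {`, keeping in mind the else branch casts with `(int)$id` and would turn an empty array into `1`. The helper only makes the values integer-safe; it does not make the clause shape safe. The enclosing function starts before and ends after the hunk.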
$sql = "SELECT mediaid, property, property_group, property_subgroup, value
FROM {$serendipity['dbPrefix']}mediaproperties
- WHERE mediaid IN (" . (is_array($id) ? implode(',', $id) : (int)$id) . ")";
+ WHERE mediaid IN (" . (is_array($id) ? serendipity_db_implode(',', $id) : (int)$id) . ")";
$rows = serendipity_db_query($sql, false, 'assoc');
$props = array();
if (is_array($rows)) {
// and be regenerated with a system-generated SID.
// Patch by David Vieira-Kurz of majorsecurity.de
if (!isset($_SESSION['SERVER_GENERATED_SID'])) {
- session_destroy();
- session_regenerate_id();
+ session_regenerate_id(true);
session_start();
header('X-Session-Reinit: true');
$_SESSION['SERVER_GENERATED_SID'] = true;
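Review bot: After `session_regenerate_id(true)` at L93 the session is still active, so the `session_start()` kept at L94 now runs against an already-started session; PHP ignores it and, depending on version, raises a notice, and it no longer serves the purpose it had behind the removed `session_destroy()`. Drop L94 so the block reads `session_regenerate_id(true); header('X-Session-Reinit: true'); $_SESSION['SERVER_GENERATED_SID'] = true;`. Unlike the removed destroy-then-regenerate sequence, `session_regenerate_id()` carries the existing session data over to the new id and deletes only the old id's storage, which is the intended fixation mitigation, but data already stored under the client-supplied id survives — confirm that is acceptable here. The enclosing block starts outside the hunk.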