fixes GHSA-rr39-mf4j-6594 prevent displaying RAW cookie content
... and also factorize the code that validates the `lang` cookie user input
+1
-11
@@ -125,17 +125,7 @@ if (!$conf['gallery_locked'] && (!isset($themeconf['hide_menu_on']) OR !in_array
|
|||||||
include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
|
include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
|
||||||
}
|
}
|
||||||
|
|
||||||
//Load language if cookie is set from login/register/password pages
|
load_cookie_language();
|
||||||
if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
|
|
||||||
{
|
|
||||||
if (!array_key_exists($_COOKIE['lang'], get_languages()))
|
|
||||||
{
|
|
||||||
fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
|
|
||||||
}
|
|
||||||
|
|
||||||
$user['language'] = $_COOKIE['lang'];
|
|
||||||
load_language('common.lang', '', array('language'=>$user['language']));
|
|
||||||
}
|
|
||||||
|
|
||||||
//Get list of languages
|
//Get list of languages
|
||||||
foreach (get_languages() as $language_code => $language_name)
|
foreach (get_languages() as $language_code => $language_name)
|
||||||
|
|||||||
@@ -1937,6 +1937,48 @@ function load_language($filename, $dirname = '', $options = array())
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function load_cookie_language($load_language=true, $update_user=false, $unset_cookie=false, $user_id=null)
|
||||||
|
{
|
||||||
|
global $user;
|
||||||
|
|
||||||
|
// Load language if cookie is set from login/register/password pages
|
||||||
|
if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
|
||||||
|
{
|
||||||
|
if (!array_key_exists($_COOKIE['lang'], get_languages()))
|
||||||
|
{
|
||||||
|
fatal_error('[Hacking attempt] the input parameter "'.htmlspecialchars($_COOKIE['lang']).'" is not valid');
|
||||||
|
}
|
||||||
|
|
||||||
|
$user['language'] = $_COOKIE['lang'];
|
||||||
|
|
||||||
|
if ($update_user)
|
||||||
|
{
|
||||||
|
single_update(
|
||||||
|
USER_INFOS_TABLE,
|
||||||
|
array(
|
||||||
|
'language' => $_COOKIE['lang']
|
||||||
|
),
|
||||||
|
array(
|
||||||
|
'user_id' => $user_id ?? $user['id']
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($load_language)
|
||||||
|
{
|
||||||
|
load_language('common.lang', '', array('language'=>$user['language']));
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($unset_cookie)
|
||||||
|
{
|
||||||
|
// We unset the lang cookie, if user has changed their language using interface
|
||||||
|
// we don't want to keep setting it back to what was chosen using standard
|
||||||
|
// pages lang switch
|
||||||
|
setcookie("lang", "", time() - 3600);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* converts a string from a character set to another character set
|
* converts a string from a character set to another character set
|
||||||
*
|
*
|
||||||
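Review bot: Nothing in the new load_cookie_language() guards against a non-string cookie: if PHP's cookie parsing turns a `Cookie: lang[]=x` header into an array, `$_COOKIE['lang']` is an array and on PHP 8 both `array_key_exists()` and `htmlspecialchars()` throw a TypeError (an uncaught 500) before the intended fatal_error is reached; extend the outer condition to `if (isset($_COOKIE['lang']) and is_string($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])`. Escaping the rejected value with `htmlspecialchars()` closes the injection, but the more robust fix is to not reflect attacker-controlled input into a user-facing error at all, e.g. `fatal_error('[Hacking attempt] the input parameter "lang" is not valid');` and log the rejected value server-side if it is needed for forensics; if PHP below 8.1 is still supported, htmlspecialchars() there defaults to ENT_COMPAT (single quotes unescaped), so pass `ENT_QUOTES` explicitly should the message ever be emitted inside an attribute. The clearing call `setcookie("lang", "", time() - 3600)` only matches a cookie that was set without a path or domain — confirm against the code that sets it, which is outside this diff — and adding `unset($_COOKIE['lang']);` next to it would stop a second call in the same request from re-applying the value. The function is complete within the hunk.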
|
|||||||
@@ -1051,25 +1051,7 @@ function log_user($user_id, $remember_me)
|
|||||||
//New default login and register pages, if users changes languages and succesfully logs in
|
//New default login and register pages, if users changes languages and succesfully logs in
|
||||||
//we want to update the userpref language stored in a cookie
|
//we want to update the userpref language stored in a cookie
|
||||||
|
|
||||||
//TODO check value of cookie
|
load_cookie_language(false, true, true, $user_id);
|
||||||
|
|
||||||
if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
|
|
||||||
{
|
|
||||||
if (!array_key_exists($_COOKIE['lang'], get_languages()))
|
|
||||||
{
|
|
||||||
fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
|
|
||||||
}
|
|
||||||
|
|
||||||
single_update(
|
|
||||||
USER_INFOS_TABLE,
|
|
||||||
array('language' => $_COOKIE['lang']),
|
|
||||||
array('user_id' => $user_id)
|
|
||||||
);
|
|
||||||
|
|
||||||
// We unset the lang cookie, if user has changed their language using interface we don't want to keep setting it back
|
|
||||||
// to what was chosen using standard pages lang switch
|
|
||||||
setcookie("lang", "", time() - 3600);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($remember_me and $conf['authorize_remembering'])
|
if ($remember_me and $conf['authorize_remembering'])
|
||||||
{
|
{
|
||||||
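Review bot: The call `load_cookie_language(false, true, true, $user_id)` now also executes `$user['language'] = $_COOKIE['lang']` inside the helper, which the removed inline block in log_user did not do; since log_user receives `$user_id` as a separate argument, the global `$user` here appears to still be the pre-login session user, so its in-memory language is overwritten for the rest of the request. That is probably benign if log_user is followed by a redirect, but it is a new side effect of the refactor and should either be intended or skipped when `$load_language` is false. The four positional booleans are also opaque at the call site; a short comment such as `// persist the cookie language for $user_id and clear the cookie; don't load it here` would help, or named arguments if PHP 8 is the supported baseline. log_user's body continues outside the hunk.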
|
|||||||
+1
-11
@@ -489,17 +489,7 @@ if (!isset($themeconf['hide_menu_on']) OR !in_array('thePasswordPage', $themecon
|
|||||||
include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
|
include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
|
||||||
}
|
}
|
||||||
|
|
||||||
//Load language if cookie is set from login/register/password pages
|
load_cookie_language();
|
||||||
if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
|
|
||||||
{
|
|
||||||
if (!array_key_exists($_COOKIE['lang'], get_languages()))
|
|
||||||
{
|
|
||||||
fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
|
|
||||||
}
|
|
||||||
|
|
||||||
$user['language'] = $_COOKIE['lang'];
|
|
||||||
load_language('common.lang', '', array('language'=>$user['language']));
|
|
||||||
}
|
|
||||||
|
|
||||||
//Get list of languages
|
//Get list of languages
|
||||||
foreach (get_languages() as $language_code => $language_name)
|
foreach (get_languages() as $language_code => $language_name)
|
||||||
|
|||||||
+1
-21
@@ -78,27 +78,7 @@ SELECT '.implode(',', $fields).'
|
|||||||
|
|
||||||
include(PHPWG_ROOT_PATH.'include/page_header.php');
|
include(PHPWG_ROOT_PATH.'include/page_header.php');
|
||||||
|
|
||||||
//Load language if cookie is set from login/register/password pages
|
load_cookie_language(true, true);
|
||||||
if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
|
|
||||||
{
|
|
||||||
if (!array_key_exists($_COOKIE['lang'], get_languages()))
|
|
||||||
{
|
|
||||||
fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
|
|
||||||
}
|
|
||||||
|
|
||||||
$user['language'] = $_COOKIE['lang'];
|
|
||||||
single_update(
|
|
||||||
USER_INFOS_TABLE,
|
|
||||||
array(
|
|
||||||
'language' => $_COOKIE['lang']
|
|
||||||
),
|
|
||||||
array(
|
|
||||||
'user_id' => $user['id']
|
|
||||||
)
|
|
||||||
);
|
|
||||||
|
|
||||||
load_language('common.lang', '', array('language'=>$user['language']));
|
|
||||||
}
|
|
||||||
|
|
||||||
//Get list of languages
|
//Get list of languages
|
||||||
foreach (get_languages() as $language_code => $language_name)
|
foreach (get_languages() as $language_code => $language_name)
|
||||||
|
|||||||
+1
-11
@@ -101,17 +101,7 @@ if (!isset($themeconf['hide_menu_on']) OR !in_array('theRegisterPage', $themecon
|
|||||||
include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
|
include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
|
||||||
}
|
}
|
||||||
|
|
||||||
//Load language if cookie is set from login/register/password pages
|
load_cookie_language();
|
||||||
if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
|
|
||||||
{
|
|
||||||
if (!array_key_exists($_COOKIE['lang'], get_languages()))
|
|
||||||
{
|
|
||||||
fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
|
|
||||||
}
|
|
||||||
|
|
||||||
$user['language'] = $_COOKIE['lang'];
|
|
||||||
load_language('common.lang', '', array('language'=>$user['language']));
|
|
||||||
}
|
|
||||||
|
|
||||||
//Get list of languages
|
//Get list of languages
|
||||||
foreach (get_languages() as $language_code => $language_name)
|
foreach (get_languages() as $language_code => $language_name)
|
||||||
|
|||||||