From 1816218c64da5881c681808893ce8a9dc7eb54db Mon Sep 17 00:00:00 2001
From: Michael Save
Date: Fri, 15 Mar 2013 00:40:02 +1100
Subject: [PATCH] Fix: Critical security vulnerability
---
inc/mod/pages.php | 45 ++++++++++++++++++++++++++++-----------------
1 file changed, 28 insertions(+), 17 deletions(-)
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 0ea97fe8..4d588030 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -114,26 +114,37 @@ function mod_dashboard() {
 } else {
 $ctx = stream_context_create(array('http' => array('timeout' => 5)));
 if ($code = @file_get_contents('http://tinyboard.org/version.txt', 0, $ctx)) {
- eval($code);
- if (preg_match('/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $config['version'], $matches)) {
- $current = array(
- 'massive' => (int) $matches[1],
- 'major' => (int) $matches[2],
- 'minor' => (int) $matches[3]
+ $ver = strtok($code, "\n");
+
+ if (preg_match('@^// v(\d+)\.(\d+)\.(\d+)\s*?$@', $ver, $matches)) {
+ $latest = array(
+ 'massive' => $matches[1],
+ 'major' => $matches[2],
+ 'minor' => $matches[3]
 );
- if (isset($m[4])) {
- // Development versions are always ahead in the versioning numbers
- $current['minor'] --;
- }
- // Check if it's newer
- if (!( $latest['massive'] > $current['massive'] ||
- $latest['major'] > $current['major'] ||
- ($latest['massive'] == $current['massive'] &&
- $latest['major'] == $current['major'] &&
- $latest['minor'] > $current['minor']
- )))
+ if (preg_match('/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $config['version'], $matches)) {
+ $current = array(
+ 'massive' => (int) $matches[1],
+ 'major' => (int) $matches[2],
+ 'minor' => (int) $matches[3]
+ );
+ if (isset($m[4])) {
+ // Development versions are always ahead in the versioning numbers
+ $current['minor'] --;
+ }
+ // Check if it's newer
+ if (!( $latest['massive'] > $current['massive'] ||
+ $latest['major'] > $current['major'] ||
+ ($latest['massive'] == $current['massive'] &&
+ $latest['major'] == $current['major'] &&
+ $latest['minor'] > $current['minor']
+ )))
+ $latest = false;
+ } else {
 $latest = false;
+ }
 } else {
+ // Couldn't get latest version
 $latest = false;
 }
 } else {
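Review bot: `if (isset($m[4]))` in the re-added block tests a variable this hunk never assigns, so the "-dev" adjustment under it is dead code unless `$m` is set earlier in mod_dashboard (the function starts outside the hunk); the optional capture from the preceding preg_match lives in `$matches`, so the line should read `if (isset($matches[4])) {`. The "is it newer" test is also not a proper ordered compare: the `$latest['major'] > $current['major']` clause is evaluated without requiring equal massive numbers, so a remote 1.9.0 would be reported as newer than a local 2.0.0; prefixing that clause with `$latest['massive'] == $current['massive'] &&` fixes it. Minor consistency point: `$latest` keeps the captured digits as strings while `$current` casts to int — PHP's numeric comparison copes, but `'massive' => (int) $matches[1]` (and likewise for the other two) keeps both arrays the same shape. Replacing `eval($code)` with an anchored, digit-only regex is the correct fix; the remaining unauthenticated HTTP fetch can now at most yield a spoofed version number rather than executed code.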