Fix: Critical security vulnerability

This commit is contained in:
Michael Save 2013-03-15 00:40:02 +11:00
parent 2051018ba1
commit 1816218c64

View File

@ -114,26 +114,37 @@ function mod_dashboard() {
} else { } else {
$ctx = stream_context_create(array('http' => array('timeout' => 5))); $ctx = stream_context_create(array('http' => array('timeout' => 5)));
if ($code = @file_get_contents('http://tinyboard.org/version.txt', 0, $ctx)) { if ($code = @file_get_contents('http://tinyboard.org/version.txt', 0, $ctx)) {
eval($code); $ver = strtok($code, "\n");
if (preg_match('/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $config['version'], $matches)) {
$current = array( if (preg_match('@^// v(\d+)\.(\d+)\.(\d+)\s*?$@', $ver, $matches)) {
'massive' => (int) $matches[1], $latest = array(
'major' => (int) $matches[2], 'massive' => $matches[1],
'minor' => (int) $matches[3] 'major' => $matches[2],
'minor' => $matches[3]
); );
if (isset($m[4])) { if (preg_match('/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $config['version'], $matches)) {
// Development versions are always ahead in the versioning numbers $current = array(
$current['minor'] --; 'massive' => (int) $matches[1],
} 'major' => (int) $matches[2],
// Check if it's newer 'minor' => (int) $matches[3]
if (!( $latest['massive'] > $current['massive'] || );
$latest['major'] > $current['major'] || if (isset($m[4])) {
($latest['massive'] == $current['massive'] && // Development versions are always ahead in the versioning numbers
$latest['major'] == $current['major'] && $current['minor'] --;
$latest['minor'] > $current['minor'] }
))) // Check if it's newer
if (!( $latest['massive'] > $current['massive'] ||
$latest['major'] > $current['major'] ||
($latest['massive'] == $current['massive'] &&
$latest['major'] == $current['major'] &&
$latest['minor'] > $current['minor']
)))
$latest = false;
} else {
$latest = false; $latest = false;
}
} else { } else {
// Couldn't get latest version
$latest = false; $latest = false;
} }
} else { } else {