Fix: Critical security vulnerability

2013-03-15 00:40:02 +11:00 · 2013-03-15 00:40:02 +11:00 · 1816218c64
commit 1816218c64
parent 2051018ba1
1 changed files with 28 additions and 17 deletions
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@ -114,7 +114,14 @@ function mod_dashboard() {
 		} else {
 			$ctx = stream_context_create(array('http' => array('timeout' => 5)));
 			if ($code = @file_get_contents('http://tinyboard.org/version.txt', 0, $ctx)) {
-				eval($code);
+				$ver = strtok($code, "\n");
+				
+				if (preg_match('@^// v(\d+)\.(\d+)\.(\d+)\s*?$@', $ver, $matches)) {
+					$latest = array(
+						'massive' => $matches[1],
+						'major' => $matches[2],
+						'minor' => $matches[3]
+					);
 					if (preg_match('/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $config['version'], $matches)) {
 						$current = array(
 							'massive' => (int) $matches[1],
@ -140,6 +147,10 @@ function mod_dashboard() {
 					// Couldn't get latest version
 					$latest = false;
 				}
+			} else {
+				// Couldn't get latest version
+				$latest = false;
+			}
 	
 			setcookie('update', serialize($latest), time() + $config['check_updates_time'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, true);
 		}