From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)
---
plugins/database_attachments/database_attachments.php | 22 +++++++++++-----------
1 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/plugins/database_attachments/database_attachments.php b/plugins/database_attachments/database_attachments.php
index 47e2b52..735915a 100644
--- a/plugins/database_attachments/database_attachments.php
+++ b/plugins/database_attachments/database_attachments.php
@@ -13,7 +13,9 @@
* @author Aleksander Machniak <alec@alec.pl>
* @version @package_version@
*/
-require_once('plugins/filesystem_attachments/filesystem_attachments.php');
+
+require_once INSTALL_PATH . 'plugins/filesystem_attachments/filesystem_attachments.php';
+
class database_attachments extends filesystem_attachments
{
// Cache object
@@ -41,9 +43,9 @@
$status = $cache->write($key, $data);
if ($status) {
- $args['id'] = $key;
+ $args['id'] = $key;
$args['status'] = true;
- unset($args['path']);
+ $args['path'] = null;
}
return $args;
@@ -84,14 +86,10 @@
*/
function remove($args)
{
- $args['status'] = false;
-
$cache = $this->get_cache();
$status = $cache->remove($args['id']);
- if ($status) {
- $args['status'] = true;
- }
+ $args['status'] = true;
return $args;
}
@@ -128,8 +126,10 @@
*/
function cleanup($args)
{
- $cache = $this->get_cache();
- $cache->remove($args['group'], true);
+ // check if cache object exist, it may be empty on session_destroy (#1489726)
+ if ($cache = $this->get_cache()) {
+ $cache->remove($args['group'], true);
+ }
}
/**
@@ -155,7 +155,7 @@
$type = $rcmail->config->get('database_attachments_cache', 'db');
// Init SQL cache (disable cache data serialization)
- $this->cache = $rcmail->get_cache($this->prefix, 'db', $ttl, false);
+ $this->cache = $rcmail->get_cache($this->prefix, $type, $ttl, false);
}
return $this->cache;
--
Gitblit v1.9.1