Changeset 3798

Timestamp:

05/26/2006 09:14:36 PM (20 years ago)

Author:

ryan

Message:

base64 cached objects and store within multi-line comment block to avoid CRLF injections into the cache. Props Peter Westwood.

Location:

trunk/wp-includes

Files:

• cache.php (modified) (3 diffs)
• version.php (modified) (1 diff)

trunk/wp-includes/cache.php

@@ -48 +48 @@
 }
 
-define('CACHE_SERIAL_HEADER', "<?php\n//");
-define('CACHE_SERIAL_FOOTER', "\n?".">");
+define('CACHE_SERIAL_HEADER', "<?php\n/*");
+define('CACHE_SERIAL_FOOTER', "*/\n?".">");
 
 class WP_Object_Cache {
@@ -159 +159 @@
         }
 
-        $this->cache[$group][$id] = unserialize(substr(@ file_get_contents($cache_file), strlen(CACHE_SERIAL_HEADER), -strlen(CACHE_SERIAL_FOOTER)));
+        $this->cache[$group][$id] = unserialize(base64_decode(substr(@ file_get_contents($cache_file), strlen(CACHE_SERIAL_HEADER), -strlen(CACHE_SERIAL_FOOTER))));
         if (false === $this->cache[$group][$id])
             $this->cache[$group][$id] = '';
@@ -333 +333 @@
 
                 $temp_file = tempnam($group_dir, 'tmp');
-                $serial = CACHE_SERIAL_HEADER.serialize($this->cache[$group][$id]).CACHE_SERIAL_FOOTER;
+                $serial = CACHE_SERIAL_HEADER.base64_encode(serialize($this->cache[$group][$id])).CACHE_SERIAL_FOOTER;
                 $fd = @fopen($temp_file, 'w');
                 if ( false === $fd ) {

trunk/wp-includes/version.php

@@ -4 +4 @@
 
 $wp_version = '2.1-alpha1';
-$wp_db_version = 3767;
+$wp_db_version = 3797;
 
 ?>