authorAndrew Dolgov <[email protected]>2019-08-14 09:49:18 +0300
committerAndrew Dolgov <[email protected]>2019-08-14 09:49:18 +0300
commit3c075bfd21adac9a4dde4fab6bd22886d6173d30 (patch)
tree29e29d6fbb1ce196c5af807338c8a56abf518f85 /classes
parent65450f8a2bbf325d26177c2589c3a9bbe67d8f80 (diff)
DiskCache: more strict checking for input filenames, getUrl() is no longer static
Diffstat (limited to 'classes')
-rwxr-xr-xclasses/article.php6
-rw-r--r--classes/diskcache.php10
-rwxr-xr-xclasses/handler/public.php8
3 files changed, 10 insertions, 14 deletions
diff --git a/classes/article.php b/classes/article.php
index 62ea1f3b9..67b1a4a05 100755
--- a/classes/article.php
+++ b/classes/article.php
@@ -673,10 +673,12 @@ class Article extends Handler_Protected {
$rv = array();
+ $cache = new DiskCache("images");
+
while ($line = $sth->fetch()) {
- if (file_exists(CACHE_DIR . '/images/' . sha1($line["content_url"]))) {
- $line["content_url"] = DiskCache::getUrl(sha1($line["content_url"]));
+ if ($cache->exists(sha1($line["content_url"]))) {
+ $line["content_url"] = $cache->getUrl(sha1($line["content_url"]));
}
array_push($rv, $line);
diff --git a/classes/diskcache.php b/classes/diskcache.php
index 41609d6b5..92fd23ad4 100644
--- a/classes/diskcache.php
+++ b/classes/diskcache.php
@@ -3,7 +3,7 @@ class DiskCache {
private $dir;
public function __construct($dir) {
- $this->dir = CACHE_DIR . "/" . basename($dir);
+ $this->dir = CACHE_DIR . "/" . clean_filename($dir);
}
public function getDir() {
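Review bot: The confinement of the cache path in `__construct` (and of `$filename` in `getFullPath`, next hunk) now rests entirely on `clean_filename()`, whose definition is not part of this diff, and neither call site checks what it returns. If it can yield an empty string, `.` or `..` for some input, `$this->dir` becomes `CACHE_DIR . "/"` or its parent, and `getFullPath()` resolves to the directory itself rather than a file in it. Because `cached_url` takes the directory name from `$_GET["file"]`, I would fail closed on those results, e.g. `if ($name === '' || $name === '.' || $name === '..') throw new InvalidArgumentException("invalid cache name");`, or compare the directory against the fixed set of cache names the application uses. A short docblock on both methods saying that the argument may be request-controlled and is reduced to a single path component would document the intent. The class body continues outside these hunks.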
@@ -39,7 +39,7 @@ class DiskCache {
}
public function getFullPath($filename) {
- $filename = basename($filename);
+ $filename = clean_filename($filename);
return $this->dir . "/" . $filename;
}
@@ -72,8 +72,8 @@ class DiskCache {
return send_local_file($this->getFullPath($filename));
}
- static public function getUrl($filename) {
- return get_self_url_prefix() . "/public.php?op=cached_url&file=" . $filename;
+ public function getUrl($filename) {
+ return get_self_url_prefix() . "/public.php?op=cached_url&file=" . basename($this->dir) . "/" . $filename;
}
// check for locally cached (media) URLs and rewrite to local versions
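Review bot: `getUrl()` concatenates `basename($this->dir)` and `$filename` into the query string without encoding; the callers visible in this diff pass a `sha1()` hex digest, but the method is public and accepts any string, so a value containing `&`, `#` or `+` would not round-trip to the same `file` parameter. I would build it as `"/public.php?op=cached_url&file=" . urlencode(basename($this->dir) . "/" . $filename)`. The URL now always carries a directory prefix and the `cached_url` hunk in classes/handler/public.php drops the fallback to `images`: a `file` value without `/` leaves `$filename` unassigned after `list (...) = explode(...)`, so previously issued `file=<hash>` URLs presumably stop resolving, and a non-string `file[]` parameter reaches `explode()` unchecked (the rest of that function is not visible here). A guard there such as `if (!is_string($_GET["file"] ?? null) || strpos($_GET["file"], "/") === false)` that answers with a 404 would make the behaviour explicit. Dropping `static` also breaks any `DiskCache::getUrl()` call outside `classes/`, which this limited diffstat does not show.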
@@ -103,7 +103,7 @@ class DiskCache {
if ($cache->getSize($cached_filename) > 0) {
- $src = DiskCache::getUrl(sha1($src));
+ $src = $cache->getUrl(sha1($src));
if ($entry->hasAttribute('poster'))
$entry->setAttribute('poster', $src);
diff --git a/classes/handler/public.php b/classes/handler/public.php
index 901844e36..4c904231e 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -1202,13 +1202,7 @@ class Handler_Public extends Handler {
}
function cached_url() {
- $filename = $_GET['file'];
-
- if (strpos($filename, "/") !== FALSE) {
- list ($cache_dir, $filename) = explode("/", $filename, 2);
- } else {
- $cache_dir = "images";
- }
+ list ($cache_dir, $filename) = explode("/", $_GET["file"], 2);
$cache = new DiskCache($cache_dir);