Opened 13 years ago

Closed 13 years ago

#578 closed defect (fixed)

Magic Quotes prevents ImageManager backend security check from working

Reported by: mike@… Owned by: yermol
Priority: normal Milestone:
Component: Plugin_ImageManager Version: trunk
Severity: normal Keywords:


While working on a plugin for Xinha on WordPress, I had trouble with the backend_config for ImageManager. I kept getting hash mismatch security errors and I finally figured out why.

Using the recommended client side code to build the hash, I was using the jsaddslashes routine:

xinha_config.ImageManager.backend_config = '<?php echo (jsaddslashes($IMConfig)); ?>';
xinha_config.ImageManager.backend_config_hash = '<?php echo sha1($IMConfig . $_SESSION['Xinha:ImageManager']); ?>';
xinha_config.ImageManager.backend_secret_key_location = 'Xinha:ImageManager';

However, even if I took the jsaddslashes routine out, debug stmts in showed $_REQUEST['backend_config'] with encoded slashes still. Since the hash was computed WITHOUT slashes in the serialized array, the hashes would never match during the security checks since the slashes still existed in when the hash was built in

If I disabled the security check, the array could not be unserialized since the slashes were still there. I finally realized that I have magic_quotes enabled for PHP, thus the strings are being slash encoded already.

I solved this problem by adding this line under session_start in ImageManager/ (Line 209 in the version of Xinha I'm using)

if (get_magic_quotes_gpc()) $_REQUEST['backend_config'] = stripslashes($_REQUEST['backend_config']);

Once I did this, all the security checks and syntax checks/unserialization worked fine.

This was on PHP 4.3.8
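
The mismatch and the fix described in this ticket, reproduced as an added example that is not part of the ticket or of Xinha's code. `addslashes()` stands in for magic_quotes_gpc (removed in PHP 5.4), and the secret, the config values and `verify_backend_config()` are constructed for illustration.

```php
<?php
// Added example: constructed values, hypothetical function name.
$secret   = 'constructed-session-secret';          // stands in for $_SESSION['Xinha:ImageManager']
$IMConfig = serialize(array(
    'images_dir' => '/var/www/img',
    'title'      => 'Mike\'s "uploads"',
));

// Hash issued when the page is rendered, in the same form as in the ticket.
$hash = sha1($IMConfig . $secret);

// magic_quotes_gpc applied addslashes() to every GET/POST/COOKIE value.
// serialize() wraps every string in double quotes, so any config is altered.
$asReceived = addslashes($IMConfig);

/**
 * Verify the submitted config against its hash before unserializing it.
 * Returns the config array, or false when the hash does not match.
 */
function verify_backend_config($received, $hash, $secret, $magicQuotes)
{
    // Undo the automatic escaping first, so the hash is recomputed over
    // the same bytes that were hashed when the page was rendered.
    if ($magicQuotes) {
        $received = stripslashes($received);
    }
    // hash_equals() compares in constant time (PHP 5.6 and later).
    if (!hash_equals(sha1($received . $secret), $hash)) {
        return false; // reject: unverified input is never unserialized
    }
    return unserialize($received);
}

// 1. Escaped input checked as-is: the hash never matches.
var_dump(verify_backend_config($asReceived, $hash, $secret, false));

// 2. Escaping undone before the check: hash matches, config is restored.
var_dump(verify_backend_config($asReceived, $hash, $secret, true));

// 3. A config changed after the hash was issued is still rejected,
//    so stripping slashes does not weaken the check.
$tampered = addslashes(str_replace('img', 'tmp', $IMConfig));
var_dump(verify_backend_config($tampered, $hash, $secret, true));
```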

Change History (1)

comment:1 Changed 13 years ago by gogo

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in changeset:407
