Merge pull request Codiad#974 from luminoslty/master

daeks · web-flow · commit 8ff257e508b0 · 2017-04-24T09:55:53.000+02:00
Fixed vulnerability.
diff --git a/common.php b/common.php
@@ -180,6 +180,7 @@ public static function getJSON($file,$namespace=""){
             }
 
             $json = file_get_contents($path . $file);
+            $json = str_replace(["\n\r", "\r", "\n"], "", $json);
             $json = str_replace("|*/?>","",str_replace("<?php/*|","",$json));
             $json = json_decode($json,true);
             return $json;
@@ -197,7 +198,7 @@ public static function saveJSON($file,$data,$namespace=""){
                 if(!is_dir($path)) mkdir($path);
             }
 
-            $data = "<?php/*|" . json_encode($data) . "|*/?>";
+            $data = "<?php\r\n/*|" . json_encode($data) . "|*/\r\n?>";
             $write = fopen($path . $file, 'w') or die("can't open file ".$path.$file);
             fwrite($write, $data);
             fclose($write);
diff --git a/components/install/process.php b/components/install/process.php
@@ -33,7 +33,7 @@ function saveFile($file, $data)
 
 function saveJSON($file, $data)
 {
-    $data = "<?php/*|" . json_encode($data) . "|*/?>";
+    $data = "<?php/*|\r\n" . json_encode($data) . "\r\n|*/?>";
     saveFile($file, $data);
 }
 

Original file line number	Diff line number	Diff line change
`@@ -180,6 +180,7 @@ public static function getJSON($file,$namespace=""){`
`180`	`180`	`}`
`181`	`181`
`182`	`182`	`$json = file_get_contents($path . $file);`
	`183`	`+ $json = str_replace(["\n\r", "\r", "\n"], "", $json);`
`183`	`184`	`$json = str_replace("\|/?>","",str_replace("<?php/\|","",$json));`
`184`	`185`	`$json = json_decode($json,true);`
`185`	`186`	`return $json;`
`@@ -197,7 +198,7 @@ public static function saveJSON($file,$data,$namespace=""){`
`197`	`198`	`if(!is_dir($path)) mkdir($path);`
`198`	`199`	`}`
`199`	`200`
`200`		`- $data = "<?php/\|" . json_encode($data) . "\|/?>";`
	`201`	`+ $data = "<?php\r\n/\|" . json_encode($data) . "\|/\r\n?>";`
`201`	`202`	`$write = fopen($path . $file, 'w') or die("can't open file ".$path.$file);`
`202`	`203`	`fwrite($write, $data);`
`203`	`204`	`fclose($write);`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ function saveFile($file, $data)`
`33`	`33`
`34`	`34`	`function saveJSON($file, $data)`
`35`	`35`	`{`
`36`		`- $data = "<?php/\|" . json_encode($data) . "\|/?>";`
	`36`	`+ $data = "<?php/\|\r\n" . json_encode($data) . "\r\n\|/?>";`
`37`	`37`	`saveFile($file, $data);`
`38`	`38`	`}`
`39`	`39`