base64 cached objects and store within multi-line comment block to avoid CRLF injections into the cache. Props Peter Westwood.

git-svn-id: http://svn.automattic.com/wordpress/trunk@3798 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-05-26 21:14:36 +00:00
parent d05a23cbc9
commit e7618712cb
2 changed files with 6 additions and 6 deletions

View File

@ -47,8 +47,8 @@ function wp_cache_set($key, $data, $flag = '', $expire = 0) {
return $wp_object_cache->set($key, $data, $flag, $expire);
}
define('CACHE_SERIAL_HEADER', "<?php\n//");
define('CACHE_SERIAL_FOOTER', "\n?".">");
define('CACHE_SERIAL_HEADER', "<?php\n/*");
define('CACHE_SERIAL_FOOTER', "*/\n?".">");
class WP_Object_Cache {
var $cache_dir;
@ -158,7 +158,7 @@ class WP_Object_Cache {
return false;
}
$this->cache[$group][$id] = unserialize(substr(@ file_get_contents($cache_file), strlen(CACHE_SERIAL_HEADER), -strlen(CACHE_SERIAL_FOOTER)));
$this->cache[$group][$id] = unserialize(base64_decode(substr(@ file_get_contents($cache_file), strlen(CACHE_SERIAL_HEADER), -strlen(CACHE_SERIAL_FOOTER))));
if (false === $this->cache[$group][$id])
$this->cache[$group][$id] = '';
@ -332,7 +332,7 @@ class WP_Object_Cache {
}
$temp_file = tempnam($group_dir, 'tmp');
$serial = CACHE_SERIAL_HEADER.serialize($this->cache[$group][$id]).CACHE_SERIAL_FOOTER;
$serial = CACHE_SERIAL_HEADER.base64_encode(serialize($this->cache[$group][$id])).CACHE_SERIAL_FOOTER;
$fd = @fopen($temp_file, 'w');
if ( false === $fd ) {
$errors++;

View File

@ -3,6 +3,6 @@
// This just holds the version number, in a separate file so we can bump it without cluttering the SVN
$wp_version = '2.1-alpha1';
$wp_db_version = 3767;
$wp_db_version = 3797;
?>
?>