Fixed typos/CS#3
Merged
Merged
Conversation
Member
|
Thanks for the fixes! |
Closed
flaviocopes
added a commit
that referenced
this pull request
Jan 30, 2016
Closed
ghost
mentioned this pull request
Closed
Closed
rhukster
added a commit
that referenced
this pull request
Apr 24, 2026
Closes the rest of the Tier-1 unauth/authz advisories from the 2026-04 batch: - GHSA-gwfr-jfjf-92vv: Framework\Cache\Adapter\FileCache now HMAC-signs every payload (sha256, key from Security::getNonceKey()) and verifies on read. Tampered, forged, or pre-upgrade files are treated as cache misses and unlinked instead of being unserialized. New on-disk format v2\n<expires>\n<key>\n<hmac>\n<serialized>; existing caches rebuild transparently. (Adapter isn't currently in Grav's main cache path — Symfony's FilesystemAdapter is — but the class is reachable to plugin authors so the hardening is defensive.) - GHSA-vj3m-2g9h-vm4p (5-part advisory): * #1 Scheduler\JobQueue: serialized_job blob now carries a sibling serialized_job_hmac field; reconstructJob refuses to unserialize an item whose HMAC missing/mismatches and falls through to the safe structured-fields rebuild. Closes the Job::exec → call_user_func_array direct RCE gadget chain. * #2 FileCache: same fix as GHSA-gwfr above. * #3 Session::getFlashObject: payload is now wrapped in "v2|<hmac>|<serialized>"; legacy/forged envelopes return null instead of triggering unserialize. * #4 InstallCommand git clone: branch/url/path coming from user/.dependencies are now escapeshellarg'd, with a "--" separator before url/path to block option-injection (e.g. --upload-pack=evil in path). * #5 cleanDangerousTwig: twig_array_reduce (advisory call-out) plus twig_array_some/twig_array_every added to CALLABLE_DANGEROUS_NAMES. Two new test files (FileCacheSecurityTest, UnserializeIntegritySecurityTest) covering 13 cases between them; CleanDangerousTwigTest extended with the new twig_array_* entries. Full unit suite: 645 tests, 2447 assertions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.