
TALOS-2023-1900

CVE-2023-49599
This commit is contained in:
Daniel Neto 2023-12-18 13:47:25 -03:00
parent aca09187c6
commit 0827a0f6be
3 changed files with 83 additions and 67 deletions


@ -356,68 +356,58 @@ class AVideoConf extends ObjectYPT{
$this->autoplay = ($autoplay == 'true' || $autoplay == '1') ? 1 : 0; $this->autoplay = ($autoplay == 'true' || $autoplay == '1') ? 1 : 0;
} }
// end version 2.7 static function updateConfigFile($additions, $replacements, $newVersion) {
global $global;
$filePath = "{$global['systemRootPath']}videos/configuration.php"; // Hardcoded file path
public static function rewriteConfigFile() // Check if the file exists
{ if (!file_exists($filePath)) {
global $global, $mysqlHost, $mysqlUser, $mysqlPass, $mysqlDatabase; return false;
if (empty($global['salt'])) {
$global['salt'] = uniqid();
}
if (empty($global['disableTimeFix'])) {
$global['disableTimeFix'] = 0;
}
if (empty($global['logfile'])) {
$global['logfile'] = $global['systemRootPath'] . 'videos/avideo.log';
}
$content = "<?php
\$global['configurationVersion'] = 3.1;
\$global['disableAdvancedConfigurations'] = {$global['disableAdvancedConfigurations']};
\$global['videoStorageLimitMinutes'] = {$global['videoStorageLimitMinutes']};
\$global['disableTimeFix'] = {$global['disableTimeFix']};
\$global['logfile'] = '{$global['logfile']}';
if(!empty(\$_SERVER['SERVER_NAME']) && \$_SERVER['SERVER_NAME']!=='localhost' && !filter_var(\$_SERVER['SERVER_NAME'], FILTER_VALIDATE_IP)) {
// get the subdirectory, if exists
\$file = str_replace(\"\\\\\", \"/\", __FILE__);
\$subDir = str_replace(array(\$_SERVER[\"DOCUMENT_ROOT\"], 'videos/configuration.php'), array('',''), \$file);
\$global['webSiteRootURL'] = \"http\".(!empty(\$_SERVER['HTTPS'])?\"s\":\"\").\"://\".\$_SERVER['SERVER_NAME'].\$subDir;
}else{
\$global['webSiteRootURL'] = '{$global['webSiteRootURL']}';
}
\$global['systemRootPath'] = '{$global['systemRootPath']}';
\$global['salt'] = '{$global['salt']}';
\$global['enableDDOSprotection'] = {$global['enableDDOSprotection']};
\$global['ddosMaxConnections'] = {$global['ddosMaxConnections']};
\$global['ddosSecondTimeout'] = {$global['ddosSecondTimeout']};
\$global['strictDDOSprotection'] = {$global['strictDDOSprotection']};
\$global['noDebug'] = 0;
\$global['webSiteRootPath'] = '';
if(empty(\$global['webSiteRootPath'])){
preg_match('/https?:\/\/[^\/]+(.*)/i', \$global['webSiteRootURL'], \$matches);
if(!empty(\$matches[1])){
\$global['webSiteRootPath'] = \$matches[1];
}
}
if(empty(\$global['webSiteRootPath'])){
die('Please configure your webSiteRootPath');
} }
\$mysqlHost = '{$mysqlHost}'; // Read the file into an array
\$mysqlUser = '{$mysqlUser}'; $lines = file($filePath);
\$mysqlPass = '{$mysqlPass}';
\$mysqlDatabase = '{$mysqlDatabase}';
/** // Check if the configuration version is already the new version
* Do NOT change from here foreach ($lines as $line) {
*/ if (preg_match('/\$global\[\'configurationVersion\'\] = ([0-9]+(?:\.[0-9]+)?);/', $line, $matches)) {
if (isset($matches[1]) && (float)$matches[1] === (float)$newVersion) {
require_once \$global['systemRootPath'].'objects/include_config.php'; // Version is already the new version, no need to modify the file
"; return false;
$fp = fopen($global['systemRootPath'] . "videos/configuration.php", "wb");
fwrite($fp, $content);
fclose($fp);
} }
break; // Break out of the loop once the version line is found
}
}
// Create a backup of the file
copy($filePath, "{$global['systemRootPath']}videos/configuration_bkp_".date('YmdHis').".php");
// Process each line for replacements
foreach ($lines as &$line) {
foreach ($replacements as $pattern => $replacement) {
if (preg_match($pattern, $line)) {
$line = preg_replace($pattern, $replacement, $line);
}
}
if(preg_match('/\$global\[\'configurationVersion\'\] = [0-9]+(\.[0-9]+)?;/', $line)){
$line = "\$global['configurationVersion'] = {$newVersion};".PHP_EOL;
}
}
// Process each line for additions
foreach ($additions as $pattern => $addition) {
foreach ($lines as $index => &$line) {
if (preg_match($pattern, $line)) {
array_splice($lines, $index + 1, 0, $addition . "\n");
break; // Assuming only one addition per pattern
}
}
}
// Write the array back to the file
return file_put_contents($filePath, implode('', $lines));;
}
public function getTheme() public function getTheme()
{ {
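Review bot: The backup made by `copy()` before the rewrite in `updateConfigFile` is neither checked nor cleaned up, so a `configuration_bkp_<timestamp>.php` copy of the database credentials and the old salt stays next to the live config under `videos/` (which the replaced `rewriteConfigFile` resolved relative to `DOCUMENT_ROOT`, so presumably inside the served tree); and because the early `return false` only triggers once the file already carries the new version, a config file that cannot be written gets a fresh backup on every request. Check the result, `if (!copy($filePath, $backup)) { return false; }`, and either place the backup outside the web root or delete it once `file_put_contents` has succeeded. `file()` can return false on an unreadable file and is then iterated as if it were an array, so guard it with `if ($lines === false) { return false; }`. Both `foreach ($lines as &$line)` loops leave `$line` bound to the last element — add `unset($line);` after each — and the final `return` carries a stray second `;`.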


@ -5701,7 +5701,6 @@ function encrypt_decrypt($string, $action)
return false; return false;
} }
$encrypt_method = "AES-256-CBC"; $encrypt_method = "AES-256-CBC";
$secret_key = 'This is my secret key';
$secret_iv = $global['systemRootPath']; $secret_iv = $global['systemRootPath'];
while (strlen($secret_iv) < 16) { while (strlen($secret_iv) < 16) {
$secret_iv .= $global['systemRootPath']; $secret_iv .= $global['systemRootPath'];
@ -5709,8 +5708,9 @@ function encrypt_decrypt($string, $action)
if (empty($secret_iv)) { if (empty($secret_iv)) {
$secret_iv = '1234567890abcdef'; $secret_iv = '1234567890abcdef';
} }
$salt = empty($global['saltV2'])?$global['salt']:$global['saltV2'];
// hash // hash
$key = hash('sha256', $global['salt']); $key = hash('sha256', $salt);
// iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning // iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning
$iv = substr(hash('sha256', $secret_iv), 0, 16); $iv = substr(hash('sha256', $secret_iv), 0, 16);
@ -11976,3 +11976,22 @@ function getValueOrBlank($array, $default=''){
} }
return $text; return $text;
} }
/*
secure salt in PHP using standard characters and numbers.
This code will generate a 10 to 32-character string
*/
function _uniqid() {
// Generate 16 bytes of random data
$randomBytes = random_bytes(16);
// Convert the binary data to a hexadecimal string
$hex = bin2hex($randomBytes);
// If you want a variable length output, you can truncate the MD5 hash
// For example, to get a random length between 10 and 32 characters:
$randomLength = rand(10, 32);
$randomString = substr($hex, 0, $randomLength);
return $randomString;
}
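Review bot: `_uniqid()` truncates the 16 bytes from `random_bytes()` to `rand(10, 32)` hex characters, so in the worst case the new `saltV2` holds only 40 bits of entropy even though `encrypt_decrypt` derives its AES-256 key from it via `hash('sha256', $salt)`; the variable length gains nothing and the header comment advertising "a 10 to 32-character string" describes a weakness rather than a feature. Return the whole value, `return bin2hex(random_bytes(16));`, and drop the `rand()`/`substr` lines together with the stale comment `// If you want a variable length output, you can truncate the MD5 hash` — no MD5 is involved. The fallback `$salt = empty($global['saltV2'])?$global['salt']:$global['saltV2'];` in `encrypt_decrypt` (whose body starts and ends outside the hunk) silently keeps using the legacy `uniqid()` salt until the config migration has run; a comment such as `// legacy salt until updateConfigFile() has written saltV2` would make that dependency visible.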


@ -47,7 +47,8 @@ if (!empty($global['stopBotsList']) && is_array($global['stopBotsList'])) {
$global['avideoStartMicrotime'] = microtime(true); $global['avideoStartMicrotime'] = microtime(true);
function includeConfigLog($line, $desc=''){ function includeConfigLog($line, $desc = '')
{
if (empty($_REQUEST['debug'])) { if (empty($_REQUEST['debug'])) {
return false; return false;
} }
@ -123,8 +124,14 @@ includeConfigLog(__LINE__);
require_once $global['systemRootPath'] . 'objects/images.php'; require_once $global['systemRootPath'] . 'objects/images.php';
includeConfigLog(__LINE__); includeConfigLog(__LINE__);
// for update config from old versions 2020-05-11 // for update config from old versions 2020-05-11
if (empty($global['webSiteRootPath']) || $global['configurationVersion'] < 3.1) { if ($global['configurationVersion'] < 4.0 && empty($global['saltV2'])) {
Configuration::rewriteConfigFile(); $additions = [
'/\$global\[\'salt\'\].*/' => "\$global['saltV2'] = '"._uniqid()."';", // Add this line below the line that matches the pattern
];
$replacements = [];
Configuration::updateConfigFile($additions, $replacements, 4.0);
} }
includeConfigLog(__LINE__); includeConfigLog(__LINE__);
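Review bot: The result of `Configuration::updateConfigFile($additions, $replacements, 4.0)` is discarded, and the guard `$global['configurationVersion'] < 4.0 && empty($global['saltV2'])` re-enters on every request until the file really carries version 4.0, so if `videos/` is writable but `configuration.php` is not, each request leaves another `configuration_bkp_*.php` behind while the site keeps encrypting with the legacy salt and nobody is told. Capture the outcome, `if (!Configuration::updateConfigFile($additions, $replacements, 4.0)) { error_log('saltV2 migration failed: ' . $global['systemRootPath'] . 'videos/configuration.php not updated'); }`, since `includeConfigLog` only reports when `$_REQUEST['debug']` is set. The addition string splices `_uniqid()` output into PHP source between single quotes, which is only safe while that helper returns hex; `"\$global['saltV2'] = " . var_export(_uniqid(), true) . ";"` keeps the quoting correct whatever the generator returns. `$replacements = [];` is unused and can be passed inline.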