Merge pull request #407 from mhannig/fixed_remote_code_execution
Fixed remote code execution through unpickling of untrusted data. Moved to JSON (de)serialization instead.
This commit is contained in:
commit
90e1a3c33a
@ -773,12 +773,14 @@ def ticket_list(request):
|
|||||||
if not (saved_query.shared or saved_query.user == request.user):
|
if not (saved_query.shared or saved_query.user == request.user):
|
||||||
return HttpResponseRedirect(reverse('helpdesk_list'))
|
return HttpResponseRedirect(reverse('helpdesk_list'))
|
||||||
|
|
||||||
try:
|
import json
|
||||||
import pickle
|
|
||||||
except ImportError:
|
|
||||||
import cPickle as pickle
|
|
||||||
from helpdesk.lib import b64decode
|
from helpdesk.lib import b64decode
|
||||||
query_params = pickle.loads(b64decode(str(saved_query.query)))
|
try:
|
||||||
|
query_params = json.loads(b64decode(str(saved_query.query)))
|
||||||
|
except ValueError:
|
||||||
|
# Query deserialization failed. (E.g. was a pickled query)
|
||||||
|
return HttpResponseRedirect(reverse('helpdesk_list'))
|
||||||
|
|
||||||
elif not ( 'queue' in request.GET
|
elif not ( 'queue' in request.GET
|
||||||
or 'assigned_to' in request.GET
|
or 'assigned_to' in request.GET
|
||||||
or 'status' in request.GET
|
or 'status' in request.GET
|
||||||
@ -879,12 +881,9 @@ def ticket_list(request):
|
|||||||
search_message = _('<p><strong>Note:</strong> Your keyword search is case sensitive because of your database. This means the search will <strong>not</strong> be accurate. By switching to a different database system you will gain better searching! For more information, read the <a href="http://docs.djangoproject.com/en/dev/ref/databases/#sqlite-string-matching">Django Documentation on string matching in SQLite</a>.')
|
search_message = _('<p><strong>Note:</strong> Your keyword search is case sensitive because of your database. This means the search will <strong>not</strong> be accurate. By switching to a different database system you will gain better searching! For more information, read the <a href="http://docs.djangoproject.com/en/dev/ref/databases/#sqlite-string-matching">Django Documentation on string matching in SQLite</a>.')
|
||||||
|
|
||||||
|
|
||||||
try:
|
import json
|
||||||
import pickle
|
|
||||||
except ImportError:
|
|
||||||
import cPickle as pickle
|
|
||||||
from helpdesk.lib import b64encode
|
from helpdesk.lib import b64encode
|
||||||
urlsafe_query = b64encode(pickle.dumps(query_params))
|
urlsafe_query = b64encode(json.dumps(query_params).encode('UTF-8'))
|
||||||
|
|
||||||
user_saved_queries = SavedSearch.objects.filter(Q(user=request.user) | Q(shared__exact=True))
|
user_saved_queries = SavedSearch.objects.filter(Q(user=request.user) | Q(shared__exact=True))
|
||||||
|
|
||||||
@ -1053,12 +1052,13 @@ def run_report(request, report):
|
|||||||
if not (saved_query.shared or saved_query.user == request.user):
|
if not (saved_query.shared or saved_query.user == request.user):
|
||||||
return HttpResponseRedirect(reverse('helpdesk_report_index'))
|
return HttpResponseRedirect(reverse('helpdesk_report_index'))
|
||||||
|
|
||||||
try:
|
import json
|
||||||
import pickle
|
|
||||||
except ImportError:
|
|
||||||
import cPickle as pickle
|
|
||||||
from helpdesk.lib import b64decode
|
from helpdesk.lib import b64decode
|
||||||
query_params = pickle.loads(b64decode(str(saved_query.query)))
|
try:
|
||||||
|
query_params = json.loads(b64decode(str(saved_query.query)))
|
||||||
|
except:
|
||||||
|
return HttpResponseRedirect(reverse('helpdesk_report_index'))
|
||||||
|
|
||||||
report_queryset = apply_query(report_queryset, query_params)
|
report_queryset = apply_query(report_queryset, query_params)
|
||||||
|
|
||||||
from collections import defaultdict
|
from collections import defaultdict
|
||||||
|
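Review bot: The bare `except:` around the `json.loads` call in run_report (third hunk) is broader than the `except ValueError:` used for the identical deserialization in ticket_list (first hunk), and it also swallows KeyboardInterrupt, SystemExit and any programming error inside the try body, turning them into a silent redirect; change it to `except ValueError:` so both call sites behave the same. The `# Query deserialization failed. (E.g. was a pickled query)` comment from ticket_list is worth repeating there as well, so the reason for the redirect is visible where the stale pickled rows are rejected. In both places it would be good to confirm what `helpdesk.lib.b64decode` raises on malformed input — binascii.Error is a ValueError subclass on Python 3, but the Python 2 base64 module raises TypeError, and the `import cPickle` the commit removes suggests Python 2 is still a target — otherwise a corrupted stored query becomes a 500 instead of the intended redirect. In the second hunk, `json.dumps(query_params)` raises TypeError for any value that is not JSON-native, which pickle accepted silently, so a check that the collected search parameters are plain strings, numbers and lists would make the round-trip safe; I cannot see how query_params is built from here. The bodies of ticket_list and run_report both continue outside their hunks.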