From 905c85813a24f02050421df8a7b1bf7ffbf4d987 Mon Sep 17 00:00:00 2001 From: Jacek Kowalski <Jacek@jacekk.info> Date: Sat, 01 Nov 2014 23:52:41 +0000 Subject: [PATCH] [core] Zablokowanie przetwarzania XML External Entities --- class/BotMsgGG.php | 9 +++------ 1 files changed, 3 insertions(+), 6 deletions(-) diff --git a/class/BotMsgGG.php b/class/BotMsgGG.php index c860227..d14e99e 100644 --- a/class/BotMsgGG.php +++ b/class/BotMsgGG.php @@ -21,10 +21,6 @@ const FORMAT_COLOR = 0x08; const FORMAT_IMAGE = 0x80; - const COLOR_RED = 0x00010000; - const COLOR_GREEN = 0x00000100; - const COLOR_BLUE = 0x00000001; - /** * @param BotMsg $msg Wiadomość do przekonwertowania */ @@ -337,11 +333,12 @@ $this->format .= pack('vC', mb_strlen($this->old), self::FORMAT_IMAGE) .pack('CCVV', 0x09, 0x01, $size, hexdec($crc)); + $this->f_old = ''; } } private function format(&$node) { - $node->setAttribute('beforeFormatType', ord($this->f_type)); + $node->setAttribute('beforeFormatType', dechex($this->f_type)); $node->setAttribute('beforeFormatColor', base64_encode($this->f_color)); if($node->hasAttribute('color')) { @@ -382,7 +379,7 @@ } private function unformat($node) { - $this->f_type = chr($node->getAttribute('beforeFormatType')); + $this->f_type = hexdec($node->getAttribute('beforeFormatType')); $node->removeAttribute('beforeFormatType'); $this->f_color = base64_decode($node->getAttribute('beforeFormatColor')); -- Gitblit v1.9.1