From 905c85813a24f02050421df8a7b1bf7ffbf4d987 Mon Sep 17 00:00:00 2001
From: Jacek Kowalski <Jacek@jacekk.info>
Date: Sat, 01 Nov 2014 23:52:41 +0000
Subject: [PATCH] [core] Zablokowanie przetwarzania XML External Entities

---
 class/BotMsgGG.php |    9 +++------
 1 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/class/BotMsgGG.php b/class/BotMsgGG.php
index c860227..d14e99e 100644
--- a/class/BotMsgGG.php
+++ b/class/BotMsgGG.php
@@ -21,10 +21,6 @@
 	const FORMAT_COLOR =	0x08;
 	const FORMAT_IMAGE =	0x80;
 	
-	const COLOR_RED =	0x00010000;
-	const COLOR_GREEN =	0x00000100;
-	const COLOR_BLUE =	0x00000001;
-	
 	/**
 	 * @param BotMsg $msg Wiadomość do przekonwertowania
 	 */
@@ -337,11 +333,12 @@
 			
 			$this->format .= pack('vC', mb_strlen($this->old), self::FORMAT_IMAGE)
 					.pack('CCVV', 0x09, 0x01, $size, hexdec($crc));
+			$this->f_old = '';
 		}
 	}
 	
 	private function format(&$node) {
-		$node->setAttribute('beforeFormatType', ord($this->f_type));
+		$node->setAttribute('beforeFormatType', dechex($this->f_type));
 		$node->setAttribute('beforeFormatColor', base64_encode($this->f_color));
 		
 		if($node->hasAttribute('color')) {
@@ -382,7 +379,7 @@
 	}
 	
 	private function unformat($node) {
-		$this->f_type = chr($node->getAttribute('beforeFormatType'));
+		$this->f_type = hexdec($node->getAttribute('beforeFormatType'));
 		$node->removeAttribute('beforeFormatType');
 		
 		$this->f_color = base64_decode($node->getAttribute('beforeFormatColor'));

--
Gitblit v1.9.1