clone array instead of passing the reference, adresses #436

This commit is contained in:
El RIDO 2019-05-31 07:05:40 +02:00
parent 87c7719513
commit ebbb850b27
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
3 changed files with 7 additions and 7 deletions

View file

@ -1033,17 +1033,18 @@ jQuery.PrivateBin = (function($, RawDeflate) {
*/
me.decipher = async function(key, password, data)
{
let adataString, encodedSpec, cipherMessage;
let adataString, spec, cipherMessage;
if (data instanceof Array) {
// version 2
adataString = JSON.stringify(data[1]);
encodedSpec = (data[1][0] instanceof Array ? data[1][0] : data[1]);
// clone the array instead of passing the reference
spec = (data[1][0] instanceof Array ? data[1][0] : data[1]).slice();
cipherMessage = data[0];
} else if (typeof data === 'string') {
// version 1
let object = JSON.parse(data);
adataString = atob(object.adata);
encodedSpec = [
spec = [
object.iv,
object.salt,
object.iter,
@ -1057,7 +1058,6 @@ jQuery.PrivateBin = (function($, RawDeflate) {
} else {
throw 'unsupported message format';
}
let spec = encodedSpec, plainText = '';
spec[0] = atob(spec[0]);
spec[1] = atob(spec[1]);
try {
@ -1069,7 +1069,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
atob(cipherMessage)
)
),
encodedSpec[7]
spec[7]
);
} catch(err) {
return '';

View file

@ -72,7 +72,7 @@ if ($MARKDOWN):
endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-2I6gqibyMdzEM03U4c4T2h0Yv1omWkPT16VUURnv8s/rfTPIh/r9+GOKttWoaJUXYFJgJLWNkgzJRErPb53DDQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-y7sTS+OUdMRwxzi+T1OLLYdF5fagvAwPs4FmftyOEISFQl2YcZA8NrUGR0QkOAXJ5LclWdd4P3ifbYey/TXIbQ==" crossorigin="anonymous"></script>
<!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]-->

View file

@ -50,7 +50,7 @@ if ($MARKDOWN):
endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-2I6gqibyMdzEM03U4c4T2h0Yv1omWkPT16VUURnv8s/rfTPIh/r9+GOKttWoaJUXYFJgJLWNkgzJRErPb53DDQ==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-y7sTS+OUdMRwxzi+T1OLLYdF5fagvAwPs4FmftyOEISFQl2YcZA8NrUGR0QkOAXJ5LclWdd4P3ifbYey/TXIbQ==" crossorigin="anonymous"></script>
<!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]-->