[Ajuste] Fallo de seguridad heredado de Joomla

JokteLatinoamerica · Nov 7, 2013 · d72b49a · d72b49a
1 parent 051ee2f
commit d72b49a
Showing 1 changed file with 32 additions and 27 deletions.
diff --git a/libraries/joomla/installer/helper.php b/libraries/joomla/installer/helper.php
@@ -46,23 +46,44 @@ public static function downloadPackage($url, $target = false)
 		$version = new JVersion;
 		ini_set('user_agent', $version->getUserAgent('Installer'));
 
-		// Open the remote server socket for reading
-		$inputHandle = @ fopen($url, "r");
-		$error = strstr($php_errormsg, 'failed to open stream:');
-		if (!$inputHandle)
+		$http = JHttpFactory::getHttp();
+
+		try
+		{
+			$response = $http->get($url);
+		}
+		catch (Exception $exc)
+		{
+			$response = null;
+		}
+
+		if (is_null($response))
 		{
-			JError::raiseWarning(42, JText::sprintf('JLIB_INSTALLER_ERROR_DOWNLOAD_SERVER_CONNECT', $error));
+			JError::raiseWarning(42, JText::_('JLIB_INSTALLER_ERROR_DOWNLOAD_SERVER_CONNECT'));
+
 			return false;
 		}
 
-		$meta_data = stream_get_meta_data($inputHandle);
-		foreach ($meta_data['wrapper_data'] as $wrapper_data)
+		if (302 == $response->code && isset($response->headers['Location']))
+		{
+			return self::downloadPackage($response->headers['Location']);
+		}
+		elseif (200 != $response->code)
 		{
-			if (substr($wrapper_data, 0, strlen("Content-Disposition")) == "Content-Disposition")
+			if ($response->body === '')
 			{
-				$contentfilename = explode("\"", $wrapper_data);
-				$target = $contentfilename[1];
+				$response->body = $php_errormsg;
 			}
+
+			JError::raiseWarning(42, JText::sprintf('JLIB_INSTALLER_ERROR_DOWNLOAD_SERVER_CONNECT', $response->body));
+
+			return false;
+		}
+
+		if (isset($response->headers['Content-Disposition']))
+		{
+			$contentfilename = explode("\"", $response->headers['Content-Disposition']);
+			$target = $contentfilename[1];
 		}
 
 		// Set the target path if not given
@@ -75,24 +96,8 @@ public static function downloadPackage($url, $target = false)
 			$target = $config->get('tmp_path') . '/' . basename($target);
 		}
 
-		// Initialise contents buffer
-		$contents = null;
-
-		while (!feof($inputHandle))
-		{
-			$contents .= fread($inputHandle, 4096);
-			if ($contents === false)
-			{
-				JError::raiseWarning(44, JText::sprintf('JLIB_INSTALLER_ERROR_FAILED_READING_NETWORK_RESOURCES', $php_errormsg));
-				return false;
-			}
-		}
-
 		// Write buffer to file
-		JFile::write($target, $contents);
-
-		// Close file pointer resource
-		fclose($inputHandle);
+		JFile::write($target, $response->body);
 
 		// Restore error tracking to what it was before
 		ini_set('track_errors', $track_errors);