[QUOTE] написал:
Заглянул в обновление: сами уязвимые файлы в нем не тронуты, значит, изменения где-то в другом месте. Может, стоит выложить инструкцию, где конкретно нужно пофиксить дыру в старых версиях: не всех клиентов получится оперативно обновить, у многих старые сайты с самописным функционалом, который частично отвалится при обновлении. Пофиксить дыру в их случае было бы проще, чем ловить баги на сайтах.[/QUOTE]
[CODE]Index: modules/vote/install/version.php
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/modules/vote/install/version.php b/modules/vote/install/version.php
--- a/modules/vote/install/version.php (revision bed56ff9acf39ae04a93804a19687671562d7c98)
+++ b/modules/vote/install/version.php (revision 3b4c2d42f4702b73499a7d2c1ab89a091d361159)
@@ -1,6 +1,5 @@
-<?
-$arModuleVersion = array(
- "VERSION" => "21.0.0",
- "VERSION_DATE" => "2021-03-09 16:30:00"
-);
-?>
\ No newline at end of file
+<?php
+$arModuleVersion = [
+ 'VERSION' => '21.0.100',
+ 'VERSION_DATE' => '2022-03-04 09:25:09'
+];
\ No newline at end of file
Index: modules/vote/lib/attachment/connector.php
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/modules/vote/lib/attachment/connector.php b/modules/vote/lib/attachment/connector.php
--- a/modules/vote/lib/attachment/connector.php (revision bed56ff9acf39ae04a93804a19687671562d7c98)
+++ b/modules/vote/lib/attachment/connector.php (revision 3b4c2d42f4702b73499a7d2c1ab89a091d361159)
@@ -30,12 +30,13 @@
}
$className = str_replace('\\\\', '\\', $attachedObject->getEntityType());
/** @var \Bitrix\Vote\Attachment\Connector $connector */
+ if (!is_a($className, Connector::class, true))
+ {
+ throw new ObjectNotFoundException('Connector class should be instance of Bitrix\Vote\Attachment\Connector.');
+ }
+
$connector = new $className($attachedObject->getEntityId());
- if(!$connector instanceof Connector)
- {
- throw new ObjectNotFoundException('Connector class should be instance of Connector.');
- }
if($connector instanceof Storable)
{
$connector->setStorage($attachedObject->getStorage());
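Review bot: The added `is_a($className, Connector::class, true)` guard accepts any loadable subclass of Connector, and with the third argument `true` it still hands the name from `$attachedObject->getEntityType()` to the autoloader, so the value (presumably read from stored attachment data) keeps deciding which class file gets loaded. A stricter guard would first compare the name with the connectors the module actually registers, e.g. `if (!in_array($className, $allowedConnectors, true) || !is_a($className, Connector::class, true))`, where `$allowedConnectors` is a placeholder for the default connectors plus the additional connector list. The base class itself and any abstract subclass also pass the test and would fail at `new` with an Error instead of ObjectNotFoundException; whether Connector is abstract is not visible here. The `/** @var \Bitrix\Vote\Attachment\Connector $connector */` annotation now sits above the `if` and should move down to the `$connector = new $className(...)` line. The enclosing method starts and ends outside the hunk.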
Index: modules/vote/lib/uf/manager.php
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/modules/vote/lib/uf/manager.php b/modules/vote/lib/uf/manager.php
--- a/modules/vote/lib/uf/manager.php (revision bed56ff9acf39ae04a93804a19687671562d7c98)
+++ b/modules/vote/lib/uf/manager.php (revision 3b4c2d42f4702b73499a7d2c1ab89a091d361159)
@@ -3,6 +3,7 @@
namespace Bitrix\Vote\Uf;
use Bitrix\Vote\Attach;
+use Bitrix\Vote\Attachment\Connector;
use Bitrix\Vote\Attachment\DefaultConnector;
use Bitrix\Vote\Attachment\BlogPostConnector;
use Bitrix\Vote\Attachment\ForumMessageConnector;
@@ -115,7 +116,7 @@
$id1 = VoteUserType::NEW_VOTE_PREFIX.$id;
if(!isset($this->loadedAttachedObjects[$id1]))
{
- list($entityType, $moduleId) = $this->getConnectorDataByEntityType($this->params["ENTITY_ID"]);
+ [$entityType, $moduleId] = $this->getConnectorDataByEntityType($this->params["ENTITY_ID"]);
$attach = \Bitrix\Vote\Attachment\Manager::loadFromVoteId(array(
"ENTITY_ID" => ($this->params["ENTITY_VALUE_ID"] ?: $this->params["VALUE_ID"]), // http://hg.office.bitrix.ru/repos/modules/rev/b614a075ce64
"ENTITY_TYPE" => $entityType,
@@ -130,7 +131,7 @@
*/
public function loadEmptyObject()
{
- list($entityType, $moduleId) = $this->getConnectorDataByEntityType($this->params["ENTITY_ID"]);
+ [$entityType, $moduleId] = $this->getConnectorDataByEntityType($this->params["ENTITY_ID"]);
return \Bitrix\Vote\Attachment\Manager::loadEmptyAttach(array(
"ENTITY_ID" => ($this->params["ENTITY_VALUE_ID"] ?: $this->params["VALUE_ID"]), // http://hg.office.bitrix.ru/repos/modules/rev/b614a075ce64,
"ENTITY_TYPE" => $entityType,
@@ -144,7 +145,7 @@
*/
public function loadFromEntity()
{
- list($entityType, $moduleId) = $this->getConnectorDataByEntityType($this->params["ENTITY_ID"]);
+ [$entityType, $moduleId] = $this->getConnectorDataByEntityType($this->params["ENTITY_ID"]);
$res = array(
"ENTITY_ID" => ($this->params["ENTITY_VALUE_ID"] ?: $this->params["VALUE_ID"]), // http://hg.office.bitrix.ru/repos/modules/rev/b614a075ce64
"=ENTITY_TYPE" => $entityType,
@@ -160,7 +161,7 @@
*/
public function belongsToEntity(Attach $attachedObject, $entityType, $entityId)
{
- list($connectorClass, $moduleId) = $this->getConnectorDataByEntityType($entityType);
+ [$connectorClass, $moduleId] = $this->getConnectorDataByEntityType($entityType);
return
$attachedObject->getEntityId() == $entityId &&
@@ -257,7 +258,7 @@
throw new SystemException('Wrong event result by building AdditionalConnectorList. Could not find CLASS.');
}
- if(is_string($connector['CLASS']) && class_exists($connector['CLASS']))
+ if(is_string($connector['CLASS']) && class_exists($connector['CLASS']) && is_a($connector['CLASS'], Connector::class, true))
{
$this->additionalConnectorList[mb_strtolower($connector['ENTITY_TYPE'])] = array(
$connector['CLASS'],
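Review bot: An event handler whose `CLASS` fails the added `is_a($connector['CLASS'], Connector::class, true)` test appears to be skipped without any trace, while the missing-CLASS case just above throws SystemException. Because this condition is what keeps a foreign class out of `additionalConnectorList`, a rejected entry is worth surfacing, for example with `throw new SystemException('Wrong event result by building AdditionalConnectorList. CLASS is not a Connector.');` or a log record naming the ENTITY_TYPE and class, so a misregistered or tampered handler shows up in monitoring. The `if` body continues past the end of the hunk, so an `else` branch that already handles this may exist outside the visible lines.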
[/CODE]