Prevents RCE via unserialize()

2021-02-03 16:03:04 +05:30
parent 929d4a8b40
commit b3302b8466
3 changed files with 9 additions and 9 deletions
--- a/resources/views/themes/default1/client/helpdesk/ckeckticketOld.blade.php
+++ b/resources/views/themes/default1/client/helpdesk/ckeckticketOld.blade.php
@@ -2,8 +2,8 @@

@section('content')               
 <?php
-$tickets = App\Model\helpdesk\Ticket\Tickets::where('id', '=', \Crypt::decrypt($id))->first();
-$thread = App\Model\helpdesk\Ticket\Ticket_Thread::where('ticket_id', '=', \Crypt::decrypt($id))->first();
+$tickets = App\Model\helpdesk\Ticket\Tickets::where('id', '=', \Crypt::decrypt($id,false))->first();
+$thread = App\Model\helpdesk\Ticket\Ticket_Thread::where('ticket_id', '=', \Crypt::decrypt($id,false))->first();
 //$user = App\User::where('id','=',$id1)->first();
 ?>
 <!-- Main content -->
@@ -345,7 +345,7 @@ foreach ($conversations as $conversation) {
    {{Session::get('fails1')}}
 </div>
@endif
-<?php $id2 = Crypt::decrypt($id); ?>
+<?php $id2 = Crypt::decrypt($id,false); ?>
 <div id="respond" class="comment-respond form-border">
    <h3 id="reply-title" class="comment-reply-title section-title"><i class="line"></i>{!! Lang::get('lang.leave_a_reply') !!}</h3>
    @if(Auth::user())