Bug - Garbage in session data

enricodias4654

Member
YetiShare User
Jan 13, 2015
411
1
16
Hello.

I just notice a bug that may leave garbage in the session data. When a user requests a download page and don't start the download, the script will leave the download info (such as _download_page_next_page) stored in the session until the session expires or the user tries to download the same file again.
 

enricodias4654

Member
YetiShare User
Jan 13, 2015
411
1
16
Continuing in a reply to make it private.

This can be exploited by a bot requesting the download page of all files on the website. For each file, several new variables will be stored on the database. It's possible to create several GBs of garbage in a few minutes using this method.
 

adam

Administrator
Staff member
Dec 5, 2009
2,043
108
63
Hi enricodias4654,

Thanks for keeping it private in the reply. Can you forward the details to [email protected], I'll ensure it's looked at asap.

Thanks,
Adam.
 

enricodias4654

Member
YetiShare User
Jan 13, 2015
411
1
16
adam said:
Hi enricodias4654,

Thanks for keeping it private in the reply. Can you forward the details to [email protected], I'll ensure it's looked at asap.

Thanks,
Adam.
There isn't any more details about this to give. If you visit the download pages of several files and check the session in the database you will see the data accumulating there.

Maybe the best approach to fix this would be store the download variables in an array and check the size of this array. In the showDownloadPages method in the file class, instead of using $_SESSION['_download_page_next_page_'.$this->id], use something like $_SESSION['dlData']['_download_page_next_page_'.$this->id], but I'm not sure if this syntax will work. If it works, the method can check the size of $_SESSION['dlData'] and remove the oldest element if the array size is greater than a predefined value.