clone array instead of passing the reference, adresses #436

2019-05-31 07:05:40 +02:00 · 2019-05-31 07:05:40 +02:00 · ebbb850b27
commit ebbb850b27
parent 87c7719513
3 changed files with 7 additions and 7 deletions
--- a/js/privatebin.js
+++ b/js/privatebin.js
@ -1033,17 +1033,18 @@ jQuery.PrivateBin = (function($, RawDeflate) {
         */
        me.decipher = async function(key, password, data)
        {
-            let adataString, encodedSpec, cipherMessage;
+            let adataString, spec, cipherMessage;
            if (data instanceof Array) {
                // version 2
                adataString = JSON.stringify(data[1]);
-                encodedSpec = (data[1][0] instanceof Array ? data[1][0] : data[1]);
+                // clone the array instead of passing the reference
                spec = (data[1][0] instanceof Array ? data[1][0] : data[1]).slice();
                cipherMessage = data[0];
            } else if (typeof data === 'string') {
                // version 1
                let object = JSON.parse(data);
                adataString = atob(object.adata);
-                encodedSpec = [
+                spec = [
                    object.iv,
                    object.salt,
                    object.iter,
@ -1057,7 +1058,6 @@ jQuery.PrivateBin = (function($, RawDeflate) {
            } else {
                throw 'unsupported message format';
            }
            let spec = encodedSpec, plainText = '';
            spec[0] = atob(spec[0]);
            spec[1] = atob(spec[1]);
            try {
@ -1069,7 +1069,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
                            atob(cipherMessage)
                        )
                    ),
-                    encodedSpec[7]
+                    spec[7]
                );
            } catch(err) {
                return '';
--- a/tpl/bootstrap.php
+++ b/tpl/bootstrap.php
@ -72,7 +72,7 @@ if ($MARKDOWN):
 endif;
 ?>
 		<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-2I6gqibyMdzEM03U4c4T2h0Yv1omWkPT16VUURnv8s/rfTPIh/r9+GOKttWoaJUXYFJgJLWNkgzJRErPb53DDQ==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-y7sTS+OUdMRwxzi+T1OLLYdF5fagvAwPs4FmftyOEISFQl2YcZA8NrUGR0QkOAXJ5LclWdd4P3ifbYey/TXIbQ==" crossorigin="anonymous"></script>
 		<!--[if lt IE 10]>
 		<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
 		<![endif]-->
--- a/tpl/page.php
+++ b/tpl/page.php
@ -50,7 +50,7 @@ if ($MARKDOWN):
 endif;
 ?>
 		<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-2I6gqibyMdzEM03U4c4T2h0Yv1omWkPT16VUURnv8s/rfTPIh/r9+GOKttWoaJUXYFJgJLWNkgzJRErPb53DDQ==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-y7sTS+OUdMRwxzi+T1OLLYdF5fagvAwPs4FmftyOEISFQl2YcZA8NrUGR0QkOAXJ5LclWdd4P3ifbYey/TXIbQ==" crossorigin="anonymous"></script>
 		<!--[if lt IE 10]>
 		<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
 		<![endif]-->