CVE-2021-32648: Use int casting · octobercms/library@5bd1a28
octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.
@@ -84,7 +84,7 @@ public function hasAccess($permissions, $all = true)
// We will make sure that the merged permission does not
// exactly match our permission, but starts with it.
if ($checkPermission != $rolePermission && starts_with($rolePermission, $checkPermission) && $value === 1) {
if ($checkPermission != $rolePermission && starts_with($rolePermission, $checkPermission) && (int) $value === 1) {
$matched = true;
break;
}
@@ -102,7 +102,7 @@ public function hasAccess($permissions, $all = true)
// We will make sure that the merged permission does not
// exactly match our permission, but ends with it.
if ($checkPermission != $rolePermission && ends_with($rolePermission, $checkPermission) && $value === 1) {
if ($checkPermission != $rolePermission && ends_with($rolePermission, $checkPermission) && (int) $value === 1) {
$matched = true;
break;
}
@@ -121,14 +121,14 @@ public function hasAccess($permissions, $all = true)
// We will make sure that the merged permission does not
// exactly match our permission, but starts with it.
if ($checkGroupPermission != $permission && starts_with($permission, $checkGroupPermission) && $value === 1) {
if ($checkGroupPermission != $permission && starts_with($permission, $checkGroupPermission) && (int) $value === 1) {
$matched = true;
break;
}
}
// Otherwise, we’ll fallback to standard permissions checking where
// we match that permissions explicitly exist.
elseif ($permission === $rolePermission && $rolePermissions[$permission] === 1) {
elseif ($permission === $rolePermission && (int) $rolePermissions[$permission] === 1) {
$matched = true;
break;
}
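Review bot: The `(int)` cast added to the new condition in the first hunk (and repeated in the second and third hunks, including the `elseif` branch) widens what counts as a granted permission instead of narrowing it: `(int)` maps `true`, any non-empty array, and any string with a leading `1` such as `'1abc'` or `'1.9'` to `1`, so values the old strict `=== 1` rejected now pass the check. If the goal is only to accept the integer and string spellings of the flag, an explicit allow-list keeps the comparison strict, e.g. `in_array($value, [1, '1'], true)` in the three loop conditions and `in_array($rolePermissions[$permission], [1, '1'], true)` in the `elseif`. Where `$value` and `$rolePermissions` are loaded from is not visible here, so whether non-scalar or free-form values can reach these comparisons is an assumption to confirm against the model that stores them. hasAccess begins before the first hunk and its body continues outside these hunks.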