[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gforge-commits] gforge/www/frs/admin editrelease.php,1.6,1.7
From: |
mpeltier |
Subject: |
[Gforge-commits] gforge/www/frs/admin editrelease.php,1.6,1.7 |
Date: |
Sat, 11 Dec 2004 18:08:12 -0600 |
Update of /cvsroot/gforge/gforge/www/frs/admin
In directory db.perdue.net:/tmp/cvs-serv12916/www/frs/admin
Modified Files:
editrelease.php
Log Message:
Fixed hopefully security pb introduced by my last commit (reported by Tim):
check that the new package and release id are ok and belong to the
same project before doing the update.
Index: editrelease.php
===================================================================
RCS file: /cvsroot/gforge/gforge/www/frs/admin/editrelease.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- editrelease.php 10 Dec 2004 00:22:40 -0000 1.6
+++ editrelease.php 12 Dec 2004 00:08:09 -0000 1.7
@@ -169,7 +169,8 @@
} else {
$date_list = split('[- :]',$release_time,5);
$release_time =
mktime($date_list[3],$date_list[4],0,$date_list[1],$date_list[2],$date_list[0]);
- if
(!$frsf->update($type_id,$processor_id,$release_time,$new_release_id)) {
+ list($new_package_id, $new_release_id) =
split(':',$new_package_release_ids,2);
+ if
(!$frsf->update($type_id,$processor_id,$release_time,$new_package_id,$new_release_id))
{
exit_error('Error',$frsf->getErrorMessage());
} else {
$feedback .=
$Language->getText('project_admin_editrelease','file_updated');
@@ -302,7 +303,7 @@
<tr <?php echo $HTML->boxGetAltRowStyle($x); ?>>
<td>
<span style="font-size:smaller">
- <?php echo
frs_show_release_popup ($group_id,
$name='new_release_id',db_result($res,$x,'release_id')); ?>
+ <?php echo
frs_show_release_popup ($group_id,
$name='new_package_release_ids',db_result($res,$x,'release_id')); ?>
</span>
</td>
<td>
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Gforge-commits] gforge/www/frs/admin editrelease.php,1.6,1.7,
mpeltier <=