
[Phpgroupware-cvs] [19117] start to prepare 0.9.16.014 release - fixes S


From: Dave Hall
Subject: [Phpgroupware-cvs] [19117] start to prepare 0.9.16.014 release - fixes SA35519
Date: Thu, 23 Jul 2009 16:08:27 +0000

Revision: 19117
          
http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=19117
Author:   skwashd
Date:     2009-07-23 16:08:27 +0000 (Thu, 23 Jul 2009)
Log Message:
-----------
start to prepare 0.9.16.014 release - fixes SA35519

Modified Paths:
--------------
    branches/Version-0_9_16-branch/addressbook/csv_import.php
    branches/Version-0_9_16-branch/addressbook/inc/class.uiXport.inc.php
    branches/Version-0_9_16-branch/login.php
    branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG
    branches/Version-0_9_16-branch/phpgwapi/inc/class.auth_sql.inc.php

Modified: branches/Version-0_9_16-branch/addressbook/csv_import.php
===================================================================
--- branches/Version-0_9_16-branch/addressbook/csv_import.php   2009-07-08 
08:50:31 UTC (rev 19116)
+++ branches/Version-0_9_16-branch/addressbook/csv_import.php   2009-07-23 
16:08:27 UTC (rev 19117)
@@ -31,12 +31,20 @@
        
$GLOBALS['phpgw']->template->set_block('import','ffooter','ffooterhandle');
        
$GLOBALS['phpgw']->template->set_block('import','imported','importedhandle');
 
-       $csvfile  = isset($_POST['csvfile']) ? $_POST['csvfile'] : 
$_FILES['csvfile']['tmp_name'];
+       $csvfile  = $_FILES['csvfile']['tmp_name'];
 
        if($_POST['action'] == 'download' && (!$_POST['fieldsep'] || !$csvfile 
|| !($fp=fopen($csvfile,'rb'))))
        {
                $_POST['action'] = '';
        }
+       if($_POST['action'] == 'import')
+       {
+               $csvfile = 
$GLOBALS['phpgw']->session->appsession('import_data', 'addressbook');
+               if(!file_exists($csvfile))
+               {
+                       $_POST['action'] = '';
+               }
+       }
        
$GLOBALS['phpgw']->template->set_var('action_url',$GLOBALS['phpgw']->link('/addressbook/csv_import.php'));
 
        $PSep = '||'; // Pattern-Separator, separats the 
pattern-replacement-pairs in trans
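Review bot: The new `$csvfile = $_FILES['csvfile']['tmp_name'];` is used as the path for the later `fopen($csvfile,'rb')` without confirming it is an upload PHP received in this request; guard it with `if(!is_uploaded_file($csvfile)) { $csvfile = ''; }` before the download check so a missing upload falls through to the existing reset of `$_POST['action']`. In the added import branch, `file_exists()` is also true for a directory, so `is_file($csvfile)` is the tighter check on the session-stored path. Both branches read `$_POST['action']` without `isset()`, which emits a notice on a bare GET. The enclosing script continues outside this hunk.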
@@ -175,9 +183,10 @@
                        $GLOBALS['phpgw']->template->set_var('max',200);
                        
$GLOBALS['phpgw']->template->parse('ffooterhandle','ffooter'); 
                        fclose($fp);
-                       $old = $csvfile; $csvfile = 
$GLOBALS['phpgw_info']['server']['temp_dir'].'/addrbook_import_'.basename($csvfile);
-                       rename($old,$csvfile); 
-                       $hiddenvars .= '<input type="hidden" name="csvfile" 
value="'.$csvfile.'">';
+                       $old = $csvfile; $csvfile = 
$GLOBALS['phpgw_info']['server']['temp_dir'].'/addrbook_import_'.$GLOBALS['phpgw_info']['user']['account_id'].'_'.basename($csvfile);
+                       rename($old,$csvfile);
+                       $GLOBALS['phpgw']->session->appsession('import_data', 
'addressbook', $csvfile);
+                       //$hiddenvars .= '<input type="hidden" name="csvfile" 
value="'.$csvfile.'">';
                        $mktime_lotus = "${PSep}0?([0-9]+)[ .:-]+0?([0-9]*)[ 
.:-]+0?([0-9]*)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*)[ 
.:-]+0?([0-9]*)address@hidden(${VPre}4,${VPre}5,${VPre}6,${VPre}2,${VPre}3,${VPre}1)";
                        $help_on_trans = "<a name=\"help\"></a><b>How to use 
Translation's</b><p>".
                                "Translations enable you to change / adapt the 
content of each CSV field for your needs. <br />".
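Review bot: The return value of `rename($old,$csvfile)` on the new side is not checked, so if the move into `temp_dir` fails the session still records a path that was never created, and the next request's `file_exists()` check silently resets the action with no message to the user. Store the path only on success: `if(rename($old,$csvfile)) { $GLOBALS['phpgw']->session->appsession('import_data', 'addressbook', $csvfile); }` and report the failure otherwise. The commented-out hidden `csvfile` input that follows should be deleted rather than left as dead code, since keeping the path server-side is the point of this change. The enclosing branch starts outside this hunk.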

Modified: branches/Version-0_9_16-branch/addressbook/inc/class.uiXport.inc.php
===================================================================
--- branches/Version-0_9_16-branch/addressbook/inc/class.uiXport.inc.php        
2009-07-08 08:50:31 UTC (rev 19116)
+++ branches/Version-0_9_16-branch/addressbook/inc/class.uiXport.inc.php        
2009-07-23 16:08:27 UTC (rev 19117)
@@ -73,7 +73,8 @@
 
                function import()
                {
-                       if ($_REQUEST['convert']) //&& 
($_FILES['tsvfile']['error'] == UPLOAD_ERR_OK))
+                       $conv_type_a = 
$GLOBALS['phpgw']->session->appsession('conv_type_values_i', 'addressbook');
+                       if ($_REQUEST['convert'] && is_array($conv_type_a) && 
in_array($_REQUEST['conv_type'], $conv_type_a)) //&& 
($_FILES['tsvfile']['error'] == UPLOAD_ERR_OK))
                        {
                                $buffer = 
$this->bo->import($_FILES['tsvfile']['tmp_name'],$_REQUEST['conv_type'],$_REQUEST['private'],$_REQUEST['fcat_id']);
 
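Review bot: The added `in_array($_REQUEST['conv_type'], $conv_type_a)` uses loose comparison, so the allow-list check should pass `true` as the third argument and compare a string: `in_array((string) $_REQUEST['conv_type'], $conv_type_a, true)`; the same applies to the identical check added in the export hunk below (`conv_type_values_e`). Since `conv_type` presumably selects the converter file the import runs, the strict match is what makes the session allow-list effective. `$_FILES['tsvfile']['tmp_name']` is still passed to `$this->bo->import()` without an `is_uploaded_file()` or `UPLOAD_ERR_OK` check, which the commented-out condition on the same line hints at. The `import()` method continues beyond this hunk.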
@@ -130,7 +131,7 @@
                                        $fname = ereg_replace('_',' 
',$myfilearray[$i]);
                                        $conv .= '<OPTION VALUE="' . 
$myfilearray[$i].'">' . $fname . '</OPTION>';
                                }
-
+                               
$GLOBALS['phpgw']->session->appsession('conv_type_values_i', 'addressbook', 
$myfilearray);
                                
$this->template->set_var('lang_cancel',lang('Cancel'));
                                
$this->template->set_var('lang_cat',lang('Select Category'));
                                
$this->template->set_var('cancel_url',$GLOBALS['phpgw']->link('/index.php','menuaction=addressbook.uiaddressbook.index'));
@@ -173,7 +174,8 @@
                        
                        //$entries = $this->bo->$get_data_function($fields, 
$this->limit, $this->start, $this->order, $this->sort, '', $criteria);
                        
-                       if ($_REQUEST['convert'])
+                       $conv_type_a = 
$GLOBALS['phpgw']->session->appsession('conv_type_values_e', 'addressbook');
+                       if ($_REQUEST['convert'] && is_array($conv_type_a) && 
in_array($_REQUEST['conv_type'], $conv_type_a))
                        {
                                if ($_REQUEST['conv_type'] == 'none')
                                {
@@ -248,6 +250,7 @@
                                        $conv .= '        <option 
value="'.$myfilearray[$i].'">'.$fname.'</option>'."\n";
                                }
 
+                               
$GLOBALS['phpgw']->session->appsession('conv_type_values_e', 'addressbook', 
$myfilearray);
                                
$this->template->set_var('lang_cancel',lang('Cancel'));
                                
$this->template->set_var('lang_cat',lang('Select Category'));
                                
$this->template->set_var('cat_link',$this->cat_option($this->cat_id,False,False));

Modified: branches/Version-0_9_16-branch/login.php
===================================================================
--- branches/Version-0_9_16-branch/login.php    2009-07-08 08:50:31 UTC (rev 
19116)
+++ branches/Version-0_9_16-branch/login.php    2009-07-23 16:08:27 UTC (rev 
19117)
@@ -329,7 +329,7 @@
        {
                if (ereg('phpgw_',$name))
                {
-                       $extra_vars .= '&' . $name . '=' . urlencode($value);
+                       $extra_vars .= '&' . urlencode($name) . '=' . 
urlencode($value);
                }
        }
 
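Review bot: `urlencode($name)` on the new line only makes the name safe in the query-string context; if `$extra_vars` is later placed in an HTML attribute or body (not visible here), it still needs `htmlspecialchars()` at that output point. `urlencode()` also expects a string, so an array-valued request parameter would reach the call and emit a warning; consider skipping non-scalar values with `if (!is_scalar($value)) { continue; }` at the top of the loop body. The enclosing loop starts outside this hunk.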

Modified: branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG
===================================================================
--- branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG       2009-07-08 
08:50:31 UTC (rev 19116)
+++ branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG       2009-07-23 
16:08:27 UTC (rev 19117)
@@ -1,3 +1,22 @@
+[0.9.16.014]
+       Security Release with bug fixes
+               * Remote File Disclosure in /addressbook/csv_import.php
+               * SQL injection in /login.php
+               * XSS in /login.php
+               * Local file inclusion and Remote file execution in 
+               /addressbook/inc/class.uiXport.inc.php
+               All via Secunia - see SA35519
+
+       0.9.14 -> 0.916 upgrade fixes
+
+       Addressbook usability fixes
+
+[0.9.16.013]
+       No release (stupid superstitious reasons)
+
+[0.9.16.012]
+       Upgrade phpsysinfo
+
 [0.9.16.011]
        Security Release with bug fixes
                - Fix for Vulnerability in Calendar

Modified: branches/Version-0_9_16-branch/phpgwapi/inc/class.auth_sql.inc.php
===================================================================
--- branches/Version-0_9_16-branch/phpgwapi/inc/class.auth_sql.inc.php  
2009-07-08 08:50:31 UTC (rev 19116)
+++ branches/Version-0_9_16-branch/phpgwapi/inc/class.auth_sql.inc.php  
2009-07-23 16:08:27 UTC (rev 19117)
@@ -40,11 +40,15 @@
 
                        if ($passwd_type == 'md5')
                        {
+                               if(!preg_match('/^[0-9a-f]*$/', $passwd))
+                               {
+                                       return False;
+                               }
                                $_passwd = $passwd;
                        }
 
                        $db->query("SELECT * FROM phpgw_accounts WHERE 
account_lid = '$username' AND "
-                               . "account_pwd='" . $_passwd . "' AND 
account_status ='A'",__LINE__,__FILE__);
+                               . "account_pwd='$_passwd' AND account_status 
='A'",__LINE__,__FILE__);
                        $db->next_record();
 
                        if ($db->f('account_lid'))
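Review bot: The new pattern `'/^[0-9a-f]*$/'` accepts the empty string and any short hex string, so a blank `$passwd` still reaches the query as `account_pwd=''`; an MD5 digest is exactly 32 hex characters, so use `'/^[0-9a-f]{32}$/'`. The check only covers the `md5` branch, while `$username` on the unchanged `account_lid = '$username'` line is still interpolated into the query; unless it is escaped before this hunk (not visible here), it should go through the database layer's quoting before use. `preg_match()` on a non-string `$passwd` would also emit a warning, so `is_string($passwd)` belongs in the same guard. The enclosing method starts and ends outside this hunk.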




