SOURCES: mantis-debian.patch (NEW) - fix from gentoo which origina...
glen
glen at pld-linux.org
Sat Sep 24 15:28:21 CEST 2005
Author: glen Date: Sat Sep 24 13:28:21 2005 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- fix from gentoo which originates from debian. see also http://bugs.gentoo.org/show_bug.cgi?id=103308
---- Files affected:
SOURCES:
mantis-debian.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/mantis-debian.patch
diff -u /dev/null SOURCES/mantis-debian.patch:1.1
--- /dev/null Sat Sep 24 15:28:21 2005
+++ SOURCES/mantis-debian.patch Sat Sep 24 15:28:16 2005
@@ -0,0 +1,69 @@
+diff -ur mantis-0.19.2/core/database_api.php mantis-0.19.2.patched/core/database_api.php
+--- mantis-0.19.2/core/database_api.php 2004-12-09 13:55:06.000000000 -0500
++++ mantis-0.19.2.patched/core/database_api.php 2005-09-14 07:12:11.000000000 -0400
+@@ -9,6 +9,13 @@
+ # $Id$
+ # --------------------------------------------------------
+
++ #
++ # Patch for #0005956: Database system scanner via variable poisoning
++ #
++
++ if (isset($_REQUEST["g_db_type"]))
++ die("");
++
+ ### Database ###
+
+ # This is the general interface for all database calls.
+diff -ur mantis-0.19.2/core/filter_api.php mantis-0.19.2.patched/core/filter_api.php
+--- mantis-0.19.2/core/filter_api.php 2004-11-19 08:06:30.000000000 -0500
++++ mantis-0.19.2.patched/core/filter_api.php 2005-09-14 07:13:54.000000000 -0400
+@@ -753,7 +753,7 @@
+ ?>
+
+ <br />
+- <form method="post" name="filters" action="<?php PRINT $t_action; ?>">
++ <form method="post" name="filters" action="<?php PRINT htmlentities($t_action); ?>">
+ <input type="hidden" name="type" value="5" />
+ <?php
+ if ( $p_for_screen == false ) {
+@@ -761,10 +761,10 @@
+ PRINT '<input type="hidden" name="offset" value="0" />';
+ }
+ ?>
+- <input type="hidden" name="sort" value="<?php PRINT $t_sort ?>" />
+- <input type="hidden" name="dir" value="<?php PRINT $t_dir ?>" />
+- <input type="hidden" name="page_number" value="<?php PRINT $p_page_number ?>" />
+- <input type="hidden" name="view_type" value="<?php PRINT $t_view_type ?>" />
++ <input type="hidden" name="sort" value="<?php PRINT htmlentities($t_sort) ?>" />
++ <input type="hidden" name="dir" value="<?php PRINT htmlentities($t_dir) ?>" />
++ <input type="hidden" name="page_number" value="<?php PRINT htmlentities($p_page_number) ?>" />
++ <input type="hidden" name="view_type" value="<?php PRINT htmlentities($t_view_type) ?>" />
+ <table class="width100" cellspacing="1">
+
+ <?php
+diff -ur mantis-0.19.2/login_page.php mantis-0.19.2.patched/login_page.php
+--- mantis-0.19.2/login_page.php 2004-08-14 11:26:20.000000000 -0400
++++ mantis-0.19.2.patched/login_page.php 2005-09-14 07:11:16.000000000 -0400
+@@ -138,14 +138,13 @@
+ echo '</div>';
+ }
+ }
+-
+- # Check if the admin directory is available and is readable.
+- $t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR;
+- if ( is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) {
+- echo '<div class="warning" align="center">', "\n";
+- echo '<p><font color="red"><strong>WARNING:</strong> Admin directory should be removed.</font></p>', "\n";
+- echo '</div>', "\n";
+- }
++# # Check if the admin directory is available and is readable.
++# $t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR;
++# if ( is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) {
++# echo '<div class="warning" align="center">', "\n";
++# echo '<p><font color="red"><strong>WARNING:</strong> Admin directory should be removed.</font></p>', "\n";
++# echo '</div>', "\n";
++# }
+ ?>
+
+ <!-- Autofocus JS -->
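Review bot: The guard added at the top of database_api.php rejects only a request that carries `g_db_type`, while the bug it cites is variable poisoning of configuration globals in general; if any other `$g_*` setting is overwritable the same way under register_globals (presumably the case, since Mantis config lives in `$g_*`), a one-name blacklist leaves the rest reachable. It also ends the request with `die("")`, which sends an empty body with a 200 status, so neither the client nor the server log shows that anything was rejected. I would at least fail loudly, `if (isset($_REQUEST['g_db_type'])) { header('HTTP/1.0 400 Bad Request'); die('Invalid request parameter'); }`, and consider refusing any request key that begins with `g_` instead of the single name. In the filter_api.php hunk the `htmlentities()` calls take no flags, so single quotes are left unescaped; that is adequate for these double-quoted attributes, but `htmlentities($t_action, ENT_QUOTES)` would not depend on the quoting style, and the `<form>` being edited appears to belong to a function that starts outside the hunk. The login_page.php hunk silences the admin-directory warning by commenting it out rather than deleting it; if the packaging removes or relocates `admin/`, a one-line comment saying so (`# admin/ is not shipped by the package, warning disabled`) would explain why a security warning was dropped.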
================================================================