[geeklog-jp commit] r1487 - Apply the updates from r1485 and r1486 to geeklog-1-jp-extended as well.

Back to archive index

codes****@googl*****
Wed, 15 Apr 2009 01:55:01 JST


Author: ivysoho
Date: Tue Apr 14 09:53:45 2009
New Revision: 1487

Modified:
    trunk/geeklog-1-jp-extended/CHANGES.jp
    trunk/geeklog-1-jp-extended/public_html/admin/install/index.php
    trunk/geeklog-1-jp-extended/public_html/docs/changed-files
    trunk/geeklog-1-jp-extended/public_html/docs/changes.html
    trunk/geeklog-1-jp-extended/public_html/docs/history
    trunk/geeklog-1-jp-extended/public_html/docs/history.html
    trunk/geeklog-1-jp-extended/system/lib-webservices.php

Log:
Apply the updates from r1485 and r1486 to geeklog-1-jp-extended as well.

Modified: trunk/geeklog-1-jp-extended/CHANGES.jp
==============================================================================
--- trunk/geeklog-1-jp-extended/CHANGES.jp	(original)
+++ trunk/geeklog-1-jp-extended/CHANGES.jp	Tue Apr 14 09:53:45 2009
@@ -1,5 +1,14 @@
  $Id$

+2009-04-15  Tetsuko Komma  <ivysoho>
+
+	* インストーラのSpam-Xプラグインの本家の処理変更に対応しました。
+
+2009-04-15  Tetsuko Komma  <ivysoho>
+
+	* geeklog-1.5.2sr3のセキュリティ修正を行いました。
+	  (http://www.geeklog.net/article.php/geeklog-1.5.2sr3)
+
  2009-04-05  Takahiro Kambe  <tacahi>

  	* geeklog-1.5.2sr2-jp-extended-1.0をリリースします。
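Review bot: the two new CHANGES.jp entries carry the same date and author (2009-04-15, Tetsuko Komma) and could be a single entry with two bullets; the security bullet ("geeklog-1.5.2sr3のセキュリティ修正を行いました") should also name what was fixed, i.e. the SQL injection in the webservices API, instead of relying on the link alone. Note that 2009-04-15 does not match the "Apr 13, 2009" release date given for 1.5.2sr3 in docs/history in this same commit.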

Modified: trunk/geeklog-1-jp-extended/public_html/admin/install/index.php
==============================================================================
--- trunk/geeklog-1-jp-extended/public_html/admin/install/index.php	 
(original)
+++ trunk/geeklog-1-jp-extended/public_html/admin/install/index.php	Tue Apr  
14 09:53:45 2009
@@ -48,7 +48,7 @@
      define("LB", "\n");
  }
  if (!defined('VERSION')) {
-    define('VERSION', '1.5.2sr2');
+    define('VERSION', '1.5.2sr3');
  }
  if (!defined('XHTML')) {
      define('XHTML', ' /');
@@ -216,6 +216,28 @@
                  break;
              }
          }
+    }
+
+    return $retval;
+}
+
+
+/**
+* Check if the Spam-X plugin is already installed
+*
+* Note: Needed for upgrades from old versions - don't remove.
+*
+* @return   int     1 = is installed, 0 = not installed
+*
+*/
+function get_SPX_Ver()
+{
+    global $_TABLES;
+
+    $retval = 0;
+
+    if (DB_count($_TABLES['plugins'], 'pi_name', 'spamx') == 1) {
+        $retval = 1;
      }

      return $retval;
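Review bot: in get_SPX_Ver the test `DB_count($_TABLES['plugins'], 'pi_name', 'spamx') == 1` reports "not installed" if the plugins table ever holds more than one spamx row; `> 0` expresses the intent and matches the docblock, which already documents a 0/1 installed flag rather than a version despite the function's name.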

Modified: trunk/geeklog-1-jp-extended/public_html/docs/changed-files
==============================================================================
--- trunk/geeklog-1-jp-extended/public_html/docs/changed-files	(original)
+++ trunk/geeklog-1-jp-extended/public_html/docs/changed-files	Tue Apr 14  
09:53:45 2009
@@ -1,6 +1,6 @@
-geeklog-1.5.2sr2/public_html/admin/install/index.php
-geeklog-1.5.2sr2/public_html/docs/changed-files
-geeklog-1.5.2sr2/public_html/docs/changes.html
-geeklog-1.5.2sr2/public_html/docs/history
-geeklog-1.5.2sr2/public_html/siteconfig.php
-geeklog-1.5.2sr2/system/lib-sessions.php
+geeklog-1.5.2sr3/public_html/admin/install/index.php
+geeklog-1.5.2sr3/public_html/docs/changed-files
+geeklog-1.5.2sr3/public_html/docs/changes.html
+geeklog-1.5.2sr3/public_html/docs/history
+geeklog-1.5.2sr3/public_html/siteconfig.php
+geeklog-1.5.2sr3/system/lib-webservices.php
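Review bot: changed-files lists public_html/siteconfig.php, but this commit does not touch that file, and the `if (!defined('VERSION'))` guard in install/index.php implies siteconfig.php is where VERSION is normally defined; confirm its version string was bumped to 1.5.2sr3 too. Conversely, public_html/docs/history.html is modified in this commit but does not appear in the list.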

Modified: trunk/geeklog-1-jp-extended/public_html/docs/changes.html
==============================================================================
--- trunk/geeklog-1-jp-extended/public_html/docs/changes.html	(original)
+++ trunk/geeklog-1-jp-extended/public_html/docs/changes.html	Tue Apr 14  
09:53:45 2009
@@ -17,9 +17,15 @@
  <a href="history">ChangeLog</a>をご覧ください。 
<tt>docs/changed-files</tt>には、前回リリース以来変更されたファイルの一覧が 
あります。</p>


+<h2><a name="changes152sr3">Geeklog 1.5.2sr3</a></h2>
+
+<p>Nine Situations グループのBookooがwebservices APIにおいてSQLインジェクシ 
ョンがあると報告しました。
+この問題は,アタッカーがどのアカウントに対してもパスワードハッシュを行うも 
ので,このバージョンで修正されました。</p>
+
+
  <h2><a name="changes152sr2">Geeklog 1.5.2sr2</a></h2>

-<p>Bookoo of the Nine Situations グループがglFusionに対してSQLインジェクシ 
ョンがあると報告しました。
+<p>Nine Situations グループのBookooがglFusionに対してSQLインジェクションが 
あると報告しました。
  それはGeeklogにおいても同様です。この問題は,アタッカーがどのアカウントに対 
してもパスワードハッシュを行うもので,このバージョンで修正されました。.</p>


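Review bot: the new Japanese paragraph renders "extract the password hash for any account" as "どのアカウントに対してもパスワードハッシュを行う" ("perform a password hash against any account"), which does not state the impact; "どのアカウントのパスワードハッシュも取得できる" or similar would match docs/history. The unchanged 1.5.2sr2 paragraph below it still ends with a stray "。." that could be cleaned up while this file is open.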

Modified: trunk/geeklog-1-jp-extended/public_html/docs/history
==============================================================================
--- trunk/geeklog-1-jp-extended/public_html/docs/history	(original)
+++ trunk/geeklog-1-jp-extended/public_html/docs/history	Tue Apr 14  
09:53:45 2009
@@ -1,5 +1,20 @@
  Geeklog History/Changes:

+Apr 13, 2009 (1.5.2sr3)
+------------
+
+This release addresses the following security issue:
+
+Bookoo of the Nine Situations Group posted another SQL injection exploit,  
this
+time targetting the webservices API. As with the previous issue, this  
allowed
+an attacker to extract the password hash for any account and is fixed with  
this
+release.
+
+Not security-related:
+- Re-introduced function get_SPX_Ver in the install script, which is still
+  needed when upgrading from old Geeklog releases (reported by Sheila)  
[Dirk]
+
+
  Apr 4, 2009 (1.5.2sr2)
  -----------

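Review bot: "targetting" on the "time targetting the webservices API" line should be "targeting" (the same text is copied into history.html). The release date here, Apr 13, 2009, also disagrees with the 2009-04-15 entries added to CHANGES.jp in this commit; one of them should be corrected.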
@@ -32,7 +47,7 @@
    [Dirk]
  - Display a message when sending the email for a new password failed [Dirk]

-- Updated Estonian language file for the Calendar plugin, provided by  
Artur R舊p
+- Updated Estonian language file for the Calendar plugin, provided by  
Artur R�pp
  - Updated Japanese language file, provided by the Geeklog.jp group

  Static Pages plugin
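Review bot: on the "provided by Artur R�pp" line the change swaps one encoding artifact for another: "R舊p" is Latin-1 "Räpp" (bytes 0xE4 0x70) misread as Shift_JIS, and the replacement now shows a U+FFFD replacement character, so the contributor's name is still not restored. The same applies to every remaining hunk in this file (Artur Räpp, Markus Wollschläger); store the file as UTF-8 with the actual "ä" instead of re-encoding the broken byte.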
@@ -177,7 +192,7 @@
    set name was written in uppercase (bug #0000731) [Dirk]

  - Updated Hebrew language files, provided by LWC
-- Updated Estonian language files, provided by Artur R舊p
+- Updated Estonian language files, provided by Artur R�pp
  - Updated Japanese language files, provided by the Geeklog.jp group
  - Updated Slovenian language files, provided by gape

@@ -337,12 +352,12 @@
    when doing a database upgrade or re-running the install (reported by Mark
    Evans) [Dirk]
  - Links plugin: The word "Root" wasn't taken from the language file for  
the page
-  title of the public list of links (reported by Markus Wollschl臠er)  
[Dirk]
+  title of the public list of links (reported by Markus Wollschl�ger)  
[Dirk]
  - Fixed remaining places where the Admin panels had inconsistent layouts:
    Calendar list of events, Polls editor (bug #0000650) [Dirk]

  - Updated Hebrew language file, provided by LWC
-- Updated German language files, provided by Markus Wollschl臠er
+- Updated German language files, provided by Markus Wollschl�ger
  - Some Korean language files had a mixture of CR/LF and LF as line  
separators
    (bug #0000655) [Dirk]

@@ -383,7 +398,7 @@
  - Fixed problems with the text direction in the install script (reported  
by LWC)
    [Dirk]

-- Updated Estonian language files, provided by Artur R舊p
+- Updated Estonian language files, provided by Artur R�pp
  - Updated Hebrew language files, provided by LWC
  - Updated Japanese language files, provided by Takahiro Kambe, Tetsuko  
Komma,
    and the Geeklog.jp group
@@ -411,7 +426,7 @@
    future use (cf. bug #0000635) [Dirk]

  - Updated Chinese language files, provided by Samuel M. Stone
-- Updated Estonian language files, provided by Artur R舊p
+- Updated Estonian language files, provided by Artur R�pp
  - Updated Slovenian language file, provided by gape

  Calendar plugin
@@ -446,7 +461,7 @@
  - The URL sent in a user registration notification contained an &amp;  
where it
    should have been a simple & [Dirk]

-- Updated German language files, provided by Markus Wollschl臠er
+- Updated German language files, provided by Markus Wollschl�ger

  Links plugin
  ------------
@@ -469,7 +484,7 @@
    centerblock.thtml template file and defined the {lastupdate} and {hits}
    variables there (bug #0000628) [Dirk]
  - Removed an extra } from the Static Pages staticpage.thtml template file
-  (reported by Markus Wollschl臠er) [Dirk]
+  (reported by Markus Wollschl�ger) [Dirk]



@@ -485,7 +500,7 @@
  - Emails sent from Geeklog now have an X-Originating-IP header to help  
track
    spam or abuse [Dirk]
  - The topic editor allowed you to enter topic IDs with more than 20  
characters
-  (reported by Markus Wollschl臠er) [Dirk]
+  (reported by Markus Wollschl�ger) [Dirk]
  - Ease restriction that email addresses have to be unique: Remote accounts  
can
    have non-unique addresses, on-site accounts can't [Dirk]
  - Bug: Email user form doesn't display correctly with " in subject when  
sending
@@ -511,7 +526,7 @@
    (patches provided by dengen from geeklog.jp)
  - Added batch admin feature to send out account reminders [Blaine]
  - Hide "Create Account" link in the story submission form when new account
-  registration has been disabled (reported by Markus Wollschl臠er) [Dirk]
+  registration has been disabled (reported by Markus Wollschl�ger) [Dirk]
  - Updated COM_startBlock to set a unique {blockid} template variable  
[Blaine]
  - Fixed checking of "Show Admin lists" in Group Admin when going to 2nd  
page of
    results [Oliver]
@@ -696,7 +711,7 @@
  - In lists created from the Links and Calendar plugins,  
use "links-new-plugin"
    as the CSS class name [Oliver]

-- Updated Estonian language file, provided by Artur R舊p
+- Updated Estonian language file, provided by Artur R�pp
  - Updated Russian language file, provided by Alexander Yurchenko
  - New Russian language file for the Calendar plugin, provided by Alexander
    Yurchenko
@@ -852,7 +867,7 @@
    display when a user doesn't have a userphoto [Dirk]

  - New Estonian language files for Geeklog and most of the plugins, provided
-  by Artur R舊p
+  by Artur R�pp
  - Updated Hebrew language file, provided by LWC
  - Updated Japanese language files for Geeklog and all the plugins, provided
    by the Geeklog Japanese group

Modified: trunk/geeklog-1-jp-extended/public_html/docs/history.html
==============================================================================
--- trunk/geeklog-1-jp-extended/public_html/docs/history.html	(original)
+++ trunk/geeklog-1-jp-extended/public_html/docs/history.html	Tue Apr 14  
09:53:45 2009
@@ -13,6 +13,20 @@
  <h1>Geeklog History/Changes:</h1>


+<h2>Apr 13, 2009 (1.5.2sr3)</h2>
+
+<ul>
+  <li>This release addresses the following security issue:</li>
+  <li>Bookoo of the Nine Situations Group posted another SQL injection  
exploit, this
+time targetting the webservices API. As with the previous issue, this  
allowed
+an attacker to extract the password hash for any account and is fixed with  
this
+release.</li>
+  <li>Not security-related:</li>
+  <li>- Re-introduced function get_SPX_Ver in the install script, which is  
still
+  needed when upgrading from old Geeklog releases (reported by Sheila)  
[Dirk]</li>
+</ul>
+
+
  <h2>Apr 4, 2009 (1.5.2sr2)</h2>

  <ul>
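Review bot: the new 1.5.2sr3 `<ul>` puts the two lead-in sentences ("This release addresses the following security issue:" and "Not security-related:") in their own `<li>` elements and keeps the plaintext "- " bullet inside the get_SPX_Ver `<li>`, so the page renders "• - Re-introduced …"; use `<p>` for the lead-ins and drop the leading "- ". "targetting" should be "targeting" here as well.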

Modified: trunk/geeklog-1-jp-extended/system/lib-webservices.php
==============================================================================
--- trunk/geeklog-1-jp-extended/system/lib-webservices.php	(original)
+++ trunk/geeklog-1-jp-extended/system/lib-webservices.php	Tue Apr 14  
09:53:45 2009
@@ -782,7 +782,7 @@
      $status = -1;

      if (isset($_SERVER['PHP_AUTH_USER'])) {
-        $username = $_SERVER['PHP_AUTH_USER'];
+        $username = COM_applyBasicFilter($_SERVER['PHP_AUTH_USER']);
          $password = $_SERVER['PHP_AUTH_PW'];

          if ($WS_VERBOSE) {
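Review bot: COM_applyBasicFilter is applied where $username is read from PHP_AUTH_USER (and, in the next two hunks, from the WSSE Username header and REMOTE_USER), which is the fix for the SQL injection described in docs/history; the query that consumes $username is outside this hunk, so confirm the value is also escaped at the point it is interpolated into SQL, because a generic input filter at the read sites does not protect a future caller that reaches the query another way.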
@@ -815,7 +815,7 @@
              $key = trim($key);
              $val = trim($val, "\x22\x27");
              if ($key == 'Username') {
-                $username = $val;
+                $username = COM_applyBasicFilter($val);
              } elseif ($key == 'PasswordDigest') {
                  $pwdigest = $val;
              } elseif ($key == 'Created') {
@@ -858,6 +858,7 @@

          list($auth_type, $auth_data) = explode(' ',  
$_SERVER['REMOTE_USER']);
          list($username, $password) = explode(':',  
base64_decode($auth_data));
+        $username = COM_applyBasicFilter($username);

          if ($WS_VERBOSE) {
              COM_errorLog("WS: Attempting to log in user '$username' (via  
\$_SERVER['REMOTE_USER'])");
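Review bot: on the unchanged `list($username, $password) = explode(':', base64_decode($auth_data));` line, a password containing ':' is truncated at the first colon and a decoded value without any colon leaves $password undefined; `explode(':', base64_decode($auth_data), 2)` plus a check that two elements came back would fix both, and the added COM_applyBasicFilter line would then apply to a correctly split username.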



Geeklogjp-changes mailing list information