2009年 4月 18日 (土) 23:22:34 JST
Author: tacahi Date: Sat Apr 18 07:04:26 2009 New Revision: 1518 Modified: trunk/geeklog-1-jp/public_html/admin/install/index.php trunk/geeklog-1-jp/public_html/docs/changed-files trunk/geeklog-1-jp/public_html/docs/changes.html trunk/geeklog-1-jp/public_html/docs/history trunk/geeklog-1-jp/public_html/siteconfig.php trunk/geeklog-1-jp/public_html/usersettings.php Log: * geeklog 1.5.2sr4をマージしました。
Modified: trunk/geeklog-1-jp/public_html/admin/install/index.php
==============================================================================
--- trunk/geeklog-1-jp/public_html/admin/install/index.php (original)
+++ trunk/geeklog-1-jp/public_html/admin/install/index.php Sat Apr 18 07:04:26 2009
@@ -48,7 +48,7 @@
     define("LB", "\n");
 }
 if (!defined('VERSION')) {
-    define('VERSION', '1.5.2sr3');
+    define('VERSION', '1.5.2sr4');
 }
 if (!defined('XHTML')) {
     define('XHTML', ' /');
Modified: trunk/geeklog-1-jp/public_html/docs/changed-files
==============================================================================
--- trunk/geeklog-1-jp/public_html/docs/changed-files (original)
+++ trunk/geeklog-1-jp/public_html/docs/changed-files Sat Apr 18 07:04:26 2009
@@ -1,6 +1,6 @@
-geeklog-1.5.2sr3/public_html/admin/install/index.php
-geeklog-1.5.2sr3/public_html/docs/changed-files
-geeklog-1.5.2sr3/public_html/docs/changes.html
-geeklog-1.5.2sr3/public_html/docs/history
-geeklog-1.5.2sr3/public_html/siteconfig.php
-geeklog-1.5.2sr3/system/lib-webservices.php
+geeklog-1.5.2sr4/public_html/admin/install/index.php
+geeklog-1.5.2sr4/public_html/docs/changed-files
+geeklog-1.5.2sr4/public_html/docs/changes.html
+geeklog-1.5.2sr4/public_html/docs/history
+geeklog-1.5.2sr4/public_html/siteconfig.php
+geeklog-1.5.2sr4/public_html/usersettings.php
Modified: trunk/geeklog-1-jp/public_html/docs/changes.html
==============================================================================
--- trunk/geeklog-1-jp/public_html/docs/changes.html (original)
+++ trunk/geeklog-1-jp/public_html/docs/changes.html Sat Apr 18 07:04:26 2009
@@ -16,6 +16,10 @@
 <p>このドキュメントでは最も重要な変更点や目につく変更点を簡潔に説明していま
 す。変更点の詳細なリストは、
 <a href="history">ChangeLog</a>をご覧ください。
 <tt>docs/changed-files</tt>には、前回リリース以来変更されたファイルの一覧が
 あります。</p>
+<h2><a name="changes152sr4">Geeklog 1.5.2sr4</a></h2>
+
+<p>Bookoo of the Nine Situations Group posted another SQL injection exploit, targetting an old bug in usersettings.php. As with the previous issues, this allowed an attacker to extract the password hash for any account and is fixed with this release.</p>
+
 <h2><a name="changes152sr3">Geeklog 1.5.2sr3</a></h2>
Modified: trunk/geeklog-1-jp/public_html/docs/history
==============================================================================
--- trunk/geeklog-1-jp/public_html/docs/history (original)
+++ trunk/geeklog-1-jp/public_html/docs/history Sat Apr 18 07:04:26 2009
@@ -1,5 +1,16 @@
 Geeklog History/Changes:
+Apr 18, 2009 (1.5.2sr4)
+------------
+
+This release addresses the following security issue:
+
+Bookoo of the Nine Situations Group posted another SQL injection exploit,
+targetting an old bug in usersettings.php. As with the previous issues, this
+allowed an attacker to extract the password hash for any account and is fixed
+with this release.
+
+
 Apr 13, 2009 (1.5.2sr3)
 ------------
Modified: trunk/geeklog-1-jp/public_html/siteconfig.php
==============================================================================
--- trunk/geeklog-1-jp/public_html/siteconfig.php (original)
+++ trunk/geeklog-1-jp/public_html/siteconfig.php Sat Apr 18 07:04:26 2009
@@ -38,7 +38,7 @@
     define('LB',"\n");
 }
 if (!defined('VERSION')) {
-    define('VERSION', '1.5.2sr3');
+    define('VERSION', '1.5.2sr4');
 }
 ?>
Modified: trunk/geeklog-1-jp/public_html/usersettings.php
==============================================================================
--- trunk/geeklog-1-jp/public_html/usersettings.php (original)
+++ trunk/geeklog-1-jp/public_html/usersettings.php Sat Apr 18 07:04:26 2009
@@ -1345,23 +1355,33 @@
         }
     }
-    $TIDS = @array_values($A[$_TABLES['topics']]);
-    $AIDS = @array_values($A['selauthors']);
-    $BOXES = @array_values($A["{$_TABLES['blocks']}"]);
-    $ETIDS = @array_values($A['etids']);
+    $TIDS = @array_values($A[$_TABLES['topics']]); // array of strings
+    $AIDS = @array_values($A['selauthors']); // array of integers
+    $BOXES = @array_values($A["{$_TABLES['blocks']}"]); // array of integers
+    $ETIDS = @array_values($A['etids']); // array of strings
+    $AETIDS = USER_getAllowedTopics(); // array of strings (fetched, needed to "clean" $TIDS and $ETIDS)
     $tids = '';
     if (sizeof ($TIDS) > 0) {
-        $tids = addslashes (implode (' ', $TIDS));
+        // the array_intersect mitigates the need to scrub the TIDS input
+        $tids = addslashes (implode (' ', array_intersect ($AETIDS, $TIDS)));
     }
     $aids = '';
     if (sizeof ($AIDS) > 0) {
+        // Scrub the AIDS array to prevent SQL injection and bad values
+        foreach ($AIDS as $key => $val) {
+            $AIDS[$key] = COM_applyFilter($val, true);
+        }
         $aids = addslashes (implode (' ', $AIDS));
     }
     $selectedblocks = '';
     if (count ($BOXES) > 0) {
+        // Scrub the BOXES array to prevent SQL injection and bad values
+        foreach ($BOXES as $key => $val) {
+            $BOXES[$key] = COM_applyFilter($val, true);
+        }
         $boxes = addslashes (implode (',', $BOXES));
         $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ($boxes)");
@@ -1379,7 +1389,7 @@
     $etids = '';
     if (sizeof ($ETIDS) > 0) {
-        $AETIDS = USER_getAllowedTopics();
+        // the array_intersect mitigates the need to scrub the ETIDS input
         $etids = addslashes (implode (' ', array_intersect ($AETIDS, $ETIDS)));
     }
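Review bot: The `$boxes` value is still interpolated into `WHERE bid NOT IN ($boxes)`, so the safety of that query now rests entirely on what `COM_applyFilter($val, true)` returns for a non-numeric or array-valued element, which is not visible in this hunk; if it can yield an empty string, the query becomes `NOT IN (1,,3)` and fails with a SQL error rather than an injection. I would make the integer constraint local and explicit so the query's invariant can be checked at the call site: `$BOXES = array_map('intval', $BOXES);` followed by `$boxes = implode(',', $BOXES);`, which also makes `addslashes` on a list of integers unnecessary. The same cast applies to the `$AIDS` loop, whose new comment already promises "array of integers". Whitelisting `$TIDS` against `USER_getAllowedTopics()` via `array_intersect` is the right approach, since only values from the trusted list can reach `$tids`. The enclosing function starts before and continues after this hunk.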