codes****@googl*****
April 19, 2009 (Sun) 00:59:03 JST
Author: tacahi Date: Sat Apr 18 08:52:23 2009 New Revision: 1529 Modified: branches/geeklog-new-tree/CHANGES.jp branches/geeklog-new-tree/extended/CHANGES.jp branches/geeklog-new-tree/extended/release_jp.php branches/geeklog-new-tree/public_html/admin/install/index.php branches/geeklog-new-tree/public_html/docs/changed-files branches/geeklog-new-tree/public_html/docs/changes.html branches/geeklog-new-tree/public_html/docs/history branches/geeklog-new-tree/public_html/siteconfig.php branches/geeklog-new-tree/public_html/usersettings.php branches/geeklog-new-tree/release_jp.php Log: Merged the revisions related to the merge of geeklog 1.5.2sr4. Modified: branches/geeklog-new-tree/CHANGES.jp ============================================================================== --- branches/geeklog-new-tree/CHANGES.jp (original) +++ branches/geeklog-new-tree/CHANGES.jp Sat Apr 18 08:52:23 2009 @@ -1,5 +1,12 @@ $Id$ +2009-04-18 Takahiro Kambe <tacahi> + + * public_html/docs/changes.html: 1.5.2sr4の変更(追加部分)を翻訳し + ました。 + + * geeklog-1.5.2sr4をマージしました。 + 2009-04-16 Takahiro Kambe <tacahi> * geeklog-1.5.2sr3-jp-1.0をリリースします。 Modified: branches/geeklog-new-tree/extended/CHANGES.jp ============================================================================== --- branches/geeklog-new-tree/extended/CHANGES.jp (original) +++ branches/geeklog-new-tree/extended/CHANGES.jp Sat Apr 18 08:52:23 2009 @@ -1,5 +1,12 @@ $Id$ +2009-04-18 Takahiro Kambe <tacahi> + + * public_html/docs/changes.html: 1.5.2sr4の変更(追加部分)を翻訳し + ました。 + + * geeklog-1.5.2sr4をマージしました。 + 2009-04-18 Masuko Koeda <milk851> * 掲示板のアイコンを新しいものに変更しました。 Modified: branches/geeklog-new-tree/extended/release_jp.php ============================================================================== --- branches/geeklog-new-tree/extended/release_jp.php (original) +++ branches/geeklog-new-tree/extended/release_jp.php Sat Apr 18 08:52:23 2009 
@@ -1,4 +1,4 @@ <?php - $release_no = "1.0.99"; + $release_no = "0.0.99"; $release_date = "$Date$"; ?> Modified: branches/geeklog-new-tree/public_html/admin/install/index.php ============================================================================== --- branches/geeklog-new-tree/public_html/admin/install/index.php (original) +++ branches/geeklog-new-tree/public_html/admin/install/index.php Sat Apr 18 08:52:23 2009 @@ -48,7 +48,7 @@ define("LB", "\n"); } if (!defined('VERSION')) { - define('VERSION', '1.5.2sr3'); + define('VERSION', '1.5.2sr4'); } if (!defined('XHTML')) { define('XHTML', ' /'); Modified: branches/geeklog-new-tree/public_html/docs/changed-files ============================================================================== --- branches/geeklog-new-tree/public_html/docs/changed-files (original) +++ branches/geeklog-new-tree/public_html/docs/changed-files Sat Apr 18 08:52:23 2009 @@ -1,6 +1,6 @@ -geeklog-1.5.2sr3/public_html/admin/install/index.php -geeklog-1.5.2sr3/public_html/docs/changed-files -geeklog-1.5.2sr3/public_html/docs/changes.html -geeklog-1.5.2sr3/public_html/docs/history -geeklog-1.5.2sr3/public_html/siteconfig.php -geeklog-1.5.2sr3/system/lib-webservices.php +geeklog-1.5.2sr4/public_html/admin/install/index.php +geeklog-1.5.2sr4/public_html/docs/changed-files +geeklog-1.5.2sr4/public_html/docs/changes.html +geeklog-1.5.2sr4/public_html/docs/history +geeklog-1.5.2sr4/public_html/siteconfig.php +geeklog-1.5.2sr4/public_html/usersettings.php Modified: branches/geeklog-new-tree/public_html/docs/changes.html ============================================================================== --- branches/geeklog-new-tree/public_html/docs/changes.html (original) +++ branches/geeklog-new-tree/public_html/docs/changes.html Sat Apr 18 08:52:23 2009 
@@ -16,6 +16,10 @@ <p>このドキュメントでは最も重要な変更点や目につく変更点を簡潔に説明していま す。変更点の詳細なリストは、 <a href="history">ChangeLog</a>をご覧ください。 <tt>docs/changed-files</tt>には、前回リリース以来変更されたファイルの一覧が あります。</p> +<h2><a name="changes152sr4">Geeklog 1.5.2sr4</a></h2> + +<p>Nine Situations グループの Bookoo が usersettings.php の古いバグを対象と する、さらに別のSQLインジェクションの脆弱性を報告しました。前回の問題のよう に、攻撃者は任意のアカウントのパスワードのハッシュ値を取得できる恐れがありま したが、このリリースで問題は修正されました。</p> + <h2><a name="changes152sr3">Geeklog 1.5.2sr3</a></h2> Modified: branches/geeklog-new-tree/public_html/docs/history ============================================================================== --- branches/geeklog-new-tree/public_html/docs/history (original) +++ branches/geeklog-new-tree/public_html/docs/history Sat Apr 18 08:52:23 2009 @@ -1,5 +1,16 @@ Geeklog History/Changes: +Apr 18, 2009 (1.5.2sr4) +------------ + +This release addresses the following security issue: + +Bookoo of the Nine Situations Group posted another SQL injection exploit, +targetting an old bug in usersettings.php. As with the previous issues, this +allowed an attacker to extract the password hash for any account and is fixed +with this release. + + Apr 13, 2009 (1.5.2sr3) ------------ Modified: branches/geeklog-new-tree/public_html/siteconfig.php ============================================================================== --- branches/geeklog-new-tree/public_html/siteconfig.php (original) +++ branches/geeklog-new-tree/public_html/siteconfig.php Sat Apr 18 08:52:23 2009 @@ -38,7 +38,7 @@ define('LB',"\n"); } if (!defined('VERSION')) { - define('VERSION', '1.5.2sr3'); + define('VERSION', '1.5.2sr4'); } ?> Modified: branches/geeklog-new-tree/public_html/usersettings.php ============================================================================== --- branches/geeklog-new-tree/public_html/usersettings.php (original) +++ branches/geeklog-new-tree/public_html/usersettings.php Sat Apr 18 08:52:23 2009 
@@ -1345,23 +1345,33 @@ } } - $TIDS = @array_values($A[$_TABLES['topics']]); - $AIDS = @array_values($A['selauthors']); - $BOXES = @array_values($A["{$_TABLES['blocks']}"]); - $ETIDS = @array_values($A['etids']); + $TIDS = @array_values($A[$_TABLES['topics']]); // array of strings + $AIDS = @array_values($A['selauthors']); // array of integers + $BOXES = @array_values($A["{$_TABLES['blocks']}"]); // array of integers + $ETIDS = @array_values($A['etids']); // array of strings + $AETIDS = USER_getAllowedTopics(); // array of strings (fetched, needed to "clean" $TIDS and $ETIDS) $tids = ''; if (sizeof ($TIDS) > 0) { - $tids = addslashes (implode (' ', $TIDS)); + // the array_intersect mitigates the need to scrub the TIDS input + $tids = addslashes (implode (' ', array_intersect ($AETIDS, $TIDS))); } $aids = ''; if (sizeof ($AIDS) > 0) { + // Scrub the AIDS array to prevent SQL injection and bad values + foreach ($AIDS as $key => $val) { + $AIDS[$key] = COM_applyFilter($val, true); + } $aids = addslashes (implode (' ', $AIDS)); } $selectedblocks = ''; if (count ($BOXES) > 0) { + // Scrub the BOXES array to prevent SQL injection and bad values + foreach ($BOXES as $key => $val) { + $BOXES[$key] = COM_applyFilter($val, true); + } $boxes = addslashes (implode (',', $BOXES)); $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ($boxes)"); @@ -1379,7 +1389,7 @@ $etids = ''; if (sizeof ($ETIDS) > 0) { - $AETIDS = USER_getAllowedTopics(); + // the array_intersect mitigates the need to scrub the ETIDS input $etids = addslashes (implode (' ', array_intersect ($AETIDS, $ETIDS))); } Modified: branches/geeklog-new-tree/release_jp.php ============================================================================== --- branches/geeklog-new-tree/release_jp.php (original) +++ branches/geeklog-new-tree/release_jp.php Sat Apr 18 08:52:23 2009 @@ -1,4 +1,4 @@ <?php - $release_no = "1.0.99"; + $release_no = "0.0.99"; $release_date = "$Date$"; ?>
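Review bot: In the first usersettings.php hunk (@@ -1345,23 +1345,33 @@), `COM_applyFilter($val, true)` turns every non-numeric `$AIDS` or `$BOXES` entry into `0` rather than dropping it, so a garbage value still reaches `$aids` and the `bid NOT IN ($boxes)` query as id `0`. The injection is closed because only integers survive, but consider removing empty and zero entries before the `implode` (for example with `array_filter`) so that a malformed submission is discarded instead of silently stored as author or block id 0. Two smaller points in the same hunk: `addslashes` on an already integer-only string is now redundant but harmless, and `USER_getAllowedTopics()` has been hoisted out of the `if (sizeof ($ETIDS) > 0)` block, so this path now pays that lookup on every save even when neither `$TIDS` nor `$ETIDS` is set; that is the price of using the same allowed list for both, and is acceptable.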
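Review bot: In the second usersettings.php hunk (@@ -1379,7 +1389,7 @@) the comment "mitigates the need to scrub the ETIDS input" understates what the code does: `array_intersect ($AETIDS, $ETIDS)` returns elements of its first argument, the server-side allowed-topic list, so the values that reach `addslashes` and the query are never the user's strings at all, only allowed ids that the user happened to select. A comment saying "only ids from the allowed list are kept; user input is used solely as a selector" would make the whitelist intent clear to the next reader, and it would be worth stating explicitly that the argument order matters, since `array_intersect ($ETIDS, $AETIDS)` would return the user-supplied spellings instead.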
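Review bot: In both release_jp.php hunks (extended/release_jp.php and the branch-root release_jp.php) `$release_no` changes from "1.0.99" to "0.0.99", so the release number goes backwards in a commit that otherwise only merges 1.5.2sr4; confirm this is intentional for the new-tree branch rather than a value carried over from the merge source. Since the same constant is defined in two files, whichever value is correct should be applied to both, and if the two copies are meant to stay identical, a note in CHANGES.jp saying why would help.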
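Review bot: In the public_html/docs/history hunk, "targetting" in "targetting an old bug in usersettings.php" is misspelled ("targeting"). The text is the upstream Geeklog history entry merged verbatim, so it is best corrected upstream rather than diverged here, but it is worth reporting.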