Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 133465 Details for
Bug 195810
www-apps/sitebar < 3.3.9 - multiple security issues in translator.php (CVE-2007-{5491,5492,5692,5693,5694,5695})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
SiteBar-3.3.8-translator-security.patch
SiteBar-3.3.8-translator-security.patch (text/plain), 2.20 KB, created by
Robert Buchholz (RETIRED)
on 2007-10-14 19:14:26 UTC
(
hide
)
Description:
SiteBar-3.3.8-translator-security.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2007-10-14 19:14:26 UTC
Size:
2.20 KB
patch
obsolete
>Index: SiteBar-3.3.8/translator.php >=================================================================== >--- SiteBar-3.3.8.orig/translator.php >+++ SiteBar-3.3.8/translator.php >@@ -489,12 +489,19 @@ if ($update && !$this->parts[$part]['inl > [<a href="translator.php?<?php echo $this->dirCGI ?>">Back to Translation List</a>] > <p> > <?php >+ if (!isset($this->parts[$part])) >+ { >+ die("Unknown part in edit param!"); >+ } >+ >+ if (!preg_match('/^\w+$/',$lang)) >+ { >+ die("Not allowed characters in lang param!"); >+ } >+ > $param = $this->parts[$part]; > $file = sprintf($this->fmt,$lang,$param['file']); > >- mkdir($this->dir.'/locale/'.$lang, 0777); >- chmod($this->dir.'/locale/'.$lang, 0777); >- > include($file); > eval('$data = $'.$part.';'); > eval('$'.$part.'=array();'); >@@ -518,7 +525,8 @@ if ($update && !$this->parts[$part]['inl > > if (!$fh = fopen($file,'w')) > { >- echo "Cannot write results to file: $file" . >+ echo "Cannot write results to file: $file<br>\n"; >+ echo "Sorry for inconvinience, if possible keep this page open and inform admin. When the problem is fixed you could just reload this page and post the data once again.<br>\n"; > exit; > } > >@@ -572,9 +580,17 @@ if ($update && !$this->parts[$part]['inl > else > { > $value = str_replace("\r\n","\n", $value); >- fwrite( $fh, "\$".$part."['".$label."'] = <<<_P\n"); >+ fwrite( $fh, "\$".$part."['".$label."'] = <<<_SBHD\n"); >+ >+ // Do not allow here doc to be included in the string, >+ // otherwise any php code would be executed. >+ if (strstr($value,"_SBHD")) >+ { >+ die("Value must not contain _SBHD pattern!"); >+ } >+ > fwrite( $fh, $value); >- fwrite( $fh, "\n_P;\n\n"); >+ fwrite( $fh, "\n_SBHD;\n\n"); > } > } > }
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 195810
:
133465