Gentoo's Bugzilla – Attachment 169804 Details for Bug 243856: dev-php/smarty <2.6.20-r1 "embedded variable" Remote code execution (CVE-2008-{4810,4811})
[patch] smarty-function-injection.patch (text/plain), 1.21 KB, created by Robert Buchholz (RETIRED) on 2008-10-25 12:47:04 UTC
>------------------------------------------------------------------------ >r2784 | Uwe.Tews | 2008-09-18 23:03:32 +0200 (Thu, 18 Sep 2008) | 1 line > > - fix function injection security hole closed (U.Tews) >------------------------------------------------------------------------ >r2796 | monte.ohrt | 2008-09-22 17:29:16 +0200 (Mon, 22 Sep 2008) | 3 lines > >revert patch for secuity hole, update site url > > >------------------------------------------------------------------------ >r2797 | monte.ohrt | 2008-09-22 21:26:32 +0200 (Mon, 22 Sep 2008) | 3 lines > >patch for security, php executed in templates > > >------------------------------------------------------------------------ >Index: Smarty_Compiler.class.php >=================================================================== >--- Smarty-2.6.20.orig/libs/Smarty_Compiler.class.php (revision 2781) >+++ Smarty-2.6.20/libs/Smarty_Compiler.class.php (revision 2797) >@@ -1705,6 +1705,8 @@ > } > // replace double quoted literal string with single quotes > $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return); >+ // escape dollar sign if not printing a var >+ $_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return); > return $_return; > } >
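Review bot: the added `preg_replace('~\$(\W)~',"\\\\\$\\1",$_return)` line never looks at the character before the `$`, so a `$` that already has a backslash in front of it receives a second one. Assuming `$_return` ends up as a double-quoted PHP string, as the preceding "replace double quoted literal string" line suggests, those two backslashes pair up as one literal backslash and the `$` is left unescaped again. Consider escaping existing backslashes first, or matching the run of backslashes before the `$` and only adding one when the run has even length. The pattern also requires a following `\W` character, so a `$` at the very end of the string is not covered, which does not match the comment "escape dollar sign if not printing a var". Since the log shows r2784 being reverted in r2796 before this version landed, a short comment on why this approach was chosen, plus regression templates for the backslash and end-of-string cases, would help the next reader.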