The branch "master" has been updated.
The following is a summary of the commits.

from: a0e9130f781bbb4ed30b4f7827cfa03123b8df61

c939c09 Sanitize more arguments to protect against RCE.
c511f4d Merge branch 'farisv-security-fix'
8d773f2 Fix escaping in Watermark effect.
74e66df Must use addslashes here.

Summary: https://github.com/horde/Image/compare/a0e9130f781b...74e66df653ee

-----------------------------------------------------------------------
commit c939c0985f4643a7b7773c98a7f6050f4957728e
Author: farisv <[email protected]>
Date: Mon, 05 Nov 2018 23:01:07 +0800

Sanitize more arguments to protect against RCE.

M lib/Horde/Image/Im.php

https://github.com/horde/Image/commit/c939c0985f4643a7b7773c98a7f6050f4957728e

-----------------------------------------------------------------------
commit c511f4dd10d26846805e4c1d0ab791fd744db122
Author: Michael J Rubinsky <[email protected]>
Date: Wed, 21 Nov 2018 11:08:31 -0500

Merge branch 'farisv-security-fix'

M lib/Horde/Image/Im.php

https://github.com/horde/Image/commit/c511f4dd10d26846805e4c1d0ab791fd744db122

-----------------------------------------------------------------------
commit 8d773f2dd1cda9c06e55b9db0af309db192c0961
Author: Michael J Rubinsky <[email protected]>
Date: Wed, 21 Nov 2018 11:08:51 -0500

Fix escaping in Watermark effect.

Current escaping breaks the command by wrapping the already double
quoted value in single quotes, and potentially unevenly escaping quote
characters in the string.

M lib/Horde/Image/Effect/Im/TextWatermark.php

https://github.com/horde/Image/commit/8d773f2dd1cda9c06e55b9db0af309db192c0961

-----------------------------------------------------------------------
commit 74e66df653ee519d74eff6820c6966b2f27b0d05
Author: Michael J Rubinsky <[email protected]>
Date: Wed, 21 Nov 2018 11:10:01 -0500

Must use addslashes here.

We don't want the entire string single quoted.

M lib/Horde/Image/Im.php

https://github.com/horde/Image/commit/74e66df653ee519d74eff6820c6966b2f27b0d05
