diff -u wordpress-2.5.1/debian/changelog wordpress-2.5.1/debian/changelog --- wordpress-2.5.1/debian/changelog +++ wordpress-2.5.1/debian/changelog @@ -1,3 +1,9 @@ +wordpress (2.5.1-7) unstable; urgency=low + + * Added a patch to complete the patch created for #497216 (Closes: #497524) + + -- Wessel van Norel Sun, 07 Sep 2008 02:43:16 +0200 + wordpress (2.5.1-6) unstable; urgency=high * Added patch to fix remote attack vulnerability (Closes: #497216) diff -u wordpress-2.5.1/debian/patches/00list wordpress-2.5.1/debian/patches/00list --- wordpress-2.5.1/debian/patches/00list +++ wordpress-2.5.1/debian/patches/00list @@ -8,0 +9 @@ +009CVE2008-3747.addendum.patch only in patch2: unchanged: --- wordpress-2.5.1.orig/debian/patches/009CVE2008-3747.addendum.patch +++ wordpress-2.5.1/debian/patches/009CVE2008-3747.addendum.patch @@ -0,0 +1,129 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 009CVE2008-3747.addendum.patch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: In patch 008 a call is made to the admin_url function, but that function was not added. This patch adds it. + +@DPATCH@ +diff -urNad wordpress-2.5.1~/wp-includes/functions.php wordpress-2.5.1/wp-includes/functions.php +--- wordpress-2.5.1~/wp-includes/functions.php 2008-04-08 19:21:02.000000000 +0200 ++++ wordpress-2.5.1/wp-includes/functions.php 2008-09-07 03:20:22.000000000 +0200 +@@ -1749,4 +1749,55 @@ + return $default; + } + ++/** ++ * Determine if SSL is used. ++ * ++ * @since 2.6.0 ++ * ++ * @return bool True if SSL, false if not used. ++ */ ++function is_ssl() { ++ return ( isset($_SERVER['HTTPS']) && 'on' == strtolower($_SERVER['HTTPS']) ) ? true : false; ++} ++ ++/** ++ * Whether SSL login should be forced. ++ * ++ * @since 2.6.0 ++ * ++ * @param string|bool $force Optional. ++ * @return bool True if forced, false if not forced. ++ */ ++function force_ssl_login($force = '') { ++ static $forced; ++ ++ if ( '' != $force ) { ++ $old_forced = $forced; ++ $forced = $force; ++ return $old_forced; ++ } ++ ++ return $forced; ++} ++ ++/** ++ * Whether to force SSL used for the Administration Panels. ++ * ++ * @since 2.6.0 ++ * ++ * @param string|bool $force ++ * @return bool True if forced, false if not forced. ++ */ ++function force_ssl_admin($force = '') { ++ static $forced; ++ ++ if ( '' != $force ) { ++ $old_forced = $forced; ++ $forced = $force; ++ return $old_forced; ++ } ++ ++ return $forced; ++} ++ + ?> +diff -urNad wordpress-2.5.1~/wp-includes/link-template.php wordpress-2.5.1/wp-includes/link-template.php +--- wordpress-2.5.1~/wp-includes/link-template.php 2008-04-14 19:57:30.000000000 +0200 ++++ wordpress-2.5.1/wp-includes/link-template.php 2008-09-07 03:20:39.000000000 +0200 +@@ -730,4 +730,59 @@ + } + } + ++/** Return the site url ++ * ++ * ++ * @package WordPress ++ * @since 2.6 ++ * ++ * Returns the 'site_url' option with the appropriate protocol, 'https' if is_ssl() and 'http' otherwise. ++ * If $scheme is 'http' or 'https', is_ssl() is overridden. ++ * ++ * @param string $path Optional path relative to the site url ++ * @param string $scheme Optional scheme to give the site url context. Currently 'http','https', 'login', 'login_post', or 'admin' ++ * @return string Site url link with optional path appended ++*/ ++function site_url($path = '', $scheme = null) { ++ // should the list of allowed schemes be maintained elsewhere? ++ $orig_scheme = $scheme; ++ if ( !in_array($scheme, array('http', 'https')) ) { ++ if ( ('login_post' == $scheme) && ( force_ssl_login() || force_ssl_admin() ) ) ++ $scheme = 'https'; ++ elseif ( ('login' == $scheme) && ( force_ssl_admin() ) ) ++ $scheme = 'https'; ++ elseif ( ('admin' == $scheme) && force_ssl_admin() ) ++ $scheme = 'https'; ++ else ++ $scheme = ( is_ssl() ? 'https' : 'http' ); ++ } ++ ++ $url = str_replace( 'http://', "{$scheme}://", get_option('siteurl') ); ++ ++ if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) ++ $url .= '/' . ltrim($path, '/'); ++ ++ return apply_filters('site_url', $url, $path, $orig_scheme); ++} ++ ++/** Return the admin url ++ * ++ * ++ * @package WordPress ++ * @since 2.6 ++ * ++ * Returns the url to the admin area ++ * ++ * @param string $path Optional path relative to the admin url ++ * @return string Admin url link with optional path appended ++*/ ++function admin_url($path = '') { ++ $url = site_url('wp-admin/', 'admin'); ++ ++ if ( !empty($path) && is_string($path) && strpos($path, '..') === false ) ++ $url .= ltrim($path, '/'); ++ ++ return $url; ++} ++ + ?>