Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070722191549-e2957-030a0eaf775d46b479f0815e88dfe4b505c12a46.gz;
[joomla-1.0.12-2terminus1-i686 VMiklos <[EMAIL PROTECTED]>**20070722191549 added 7832.diff closes #2216 ] { addfile ./source/network-extra/joomla/7832.diff hunk ./source/network-extra/joomla/7832.diff 1 +Index: 1.0/administrator/includes/admin.php +=================================================================== +--- 1.0/administrator/includes/admin.php (revision 7831) ++++ 1.0/administrator/includes/admin.php (revision 7832) +@@ -323,7 +323,7 @@ + $wrongSettingsTexts[] = 'PHP register_globals setting is `ON` instead of `OFF`'; + } + if ( RG_EMULATION != 0 ) { +- $wrongSettingsTexts[] = 'Joomla! RG_EMULATION setting is `ON` instead of `OFF` in file globals.php <br /><span style="font-weight: normal; font-style: italic; color: #666;">`ON` by default for compatibility reasons</span>'; ++ $wrongSettingsTexts[] = 'Joomla! "Register Globals Emulation" setting is `ON`. To disable Register Globals Emulation, navigate to Site -> Global Configuration -> Server, select `OFF`, and save.<br /><span style="font-weight: normal; font-style: italic; color: #666;">Register Globals Emulation is `ON` by default for backward compatibility.</span>'; + } + + if ( count($wrongSettingsTexts) ) { +Index: 1.0/administrator/index.php +=================================================================== +--- 1.0/administrator/index.php (revision 7831) ++++ 1.0/administrator/index.php (revision 7832) +@@ -95,8 +95,7 @@ + session_start(); + + // construct Session ID +- $logintime = time(); +- $session_id = md5( $my->id . $my->username . $my->usertype . 
$logintime ); ++ $session_id = session_id(); + + // add Session ID entry to DB + $query = "INSERT INTO #__session" +Index: 1.0/includes/joomla.php +=================================================================== +--- 1.0/includes/joomla.php (revision 7831) ++++ 1.0/includes/joomla.php (revision 7832) +@@ -764,11 +764,11 @@ + $my->gid = intval( mosGetParam( $_SESSION, 'session_gid', '' ) ); + $my->params = mosGetParam( $_SESSION, 'session_user_params', '' ); + +- $session_id = mosGetParam( $_SESSION, 'session_id', '' ); ++ $old_session_id = mosGetParam( $_SESSION, 'session_id', '' ); + $logintime = mosGetParam( $_SESSION, 'session_logintime', '' ); + + // check to see if session id corresponds with correct format +- if ( $session_id == md5( $my->id . $my->username . $my->usertype . $logintime ) ) { ++ if (strlen($old_session_id) == 32) { + // if task action is to `save` or `apply` complete action before doing session checks. + if ($task != 'save' && $task != 'apply') { + // test for session_life_admin +@@ -789,11 +789,24 @@ + $this->_db->setQuery( $query ); + $this->_db->query(); + ++ // destroy the old session ++ $oldSession = $_SESSION; ++ session_destroy(); ++ ++ // create a clean session ++ session_start(); ++ session_regenerate_id(); ++ ++ // restore the old session state with a new id ++ $_SESSION = $oldSession; ++ $_SESSION['session_id'] = session_id(); ++ + // update session timestamp + $current_time = time(); + $query = "UPDATE #__session" + . "\n SET time = " . $this->_db->Quote( $current_time ) +- . "\n WHERE session_id = " . $this->_db->Quote( $session_id ) ++ . "\n , session_id = " . $this->_db->Quote( session_id() ) ++ . "\n WHERE session_id = " . $this->_db->Quote( $old_session_id ) + ; + $this->_db->setQuery( $query ); + $this->_db->query(); +@@ -804,7 +817,7 @@ + // check against db record of session + $query = "SELECT COUNT( session_id )" + . "\n FROM #__session" +- . "\n WHERE session_id = " . $this->_db->Quote( $session_id ) ++ . 
"\n WHERE session_id = " . $this->_db->Quote( session_id() ) + . "\n AND username = ". $this->_db->Quote( $my->username ) + . "\n AND userid = ". intval( $my->id ) + ; +@@ -860,7 +873,7 @@ + $_SESSION['task'] = $task; + } + } +- } else if ($session_id == '') { ++ } else if ($old_session_id == '') { + // no session_id as user has not attempted to login, or session.auto_start is switched on + if (ini_get( 'session.auto_start' ) || !ini_get( 'session.use_cookies' )) { + echo "<script>document.location.href='index.php?mosmsg=You need to login. If PHP\'s session.auto_start setting is on or session.use_cookies setting is off, you may need to correct this before you will be able to login.'</script>\n"; +@@ -2478,6 +2491,9 @@ + return false; + } + ++ $ignoreList = array('description'); ++ $this->filter($ignoreList); ++ + // check for existing name + $query = "SELECT id" + . "\n FROM #__categories " +@@ -2544,6 +2560,10 @@ + $this->_error = "Your Section must have a name."; + return false; + } ++ ++ $ignoreList = array('description'); ++ $this->filter($ignoreList); ++ + // check for existing name + $query = "SELECT id" + . "\n FROM #__sections " +@@ -2742,6 +2762,10 @@ + function check() { + $this->id = (int) $this->id; + $this->params = (string) trim( $this->params . 
' ' ); ++ ++ $ignoreList = array( 'link' ); ++ $this->filter( $ignoreList ); ++ + return true; + } + } +@@ -3152,6 +3176,10 @@ + $msg = $iFilter->process( $msg ); + } + ++ // Strip out any line breaks and throw away the rest ++ $url = preg_split("/[\r\n]/", $url); ++ $url = $url[0]; ++ + if ($iFilter->badAttributeValue( array( 'href', $url ))) { + $url = $GLOBALS['mosConfig_live_site']; + } hunk ./source/network-extra/joomla/FrugalBuild 6 -pkgrel=1 +pkgrel=2terminus1 hunk ./source/network-extra/joomla/FrugalBuild 14 -source=(http://ftp.frugalware.org/pub/other/sources/joomla/Joomla_"$pkgver"-Stable-Full_Package.tar.gz joomlasetup README.Frugalware) +source=(http://ftp.frugalware.org/pub/other/sources/joomla/Joomla_"$pkgver"-Stable-Full_Package.tar.gz joomlasetup README.Frugalware 7832.diff) hunk ./source/network-extra/joomla/FrugalBuild 17 + patch -p1 < 7832.diff || Fdie hunk ./source/network-extra/joomla/FrugalBuild 30 - 'c079d041113ca5302340955027a5e313bee47f4a') + 'c079d041113ca5302340955027a5e313bee47f4a' \ + 'f10b9f0c2b6e6bfe36574cfd6851ed300ea438e9') } _______________________________________________ Frugalware-darcs mailing list Frugalware-darcs@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-darcs
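Review bot: The session rotation added in includes/joomla.php just before the `UPDATE #__session` (`session_destroy(); session_start(); session_regenerate_id();`) sits inside what looks like the per-request session check, so every authenticated administrator request appears to receive a new session id; two concurrent requests from the same browser (a second tab, or a script or image fetch that passes through this code) can then race, with the later one presenting an id that has already been rotated away and failing the `SELECT COUNT( session_id )` check that follows — worth confirming against the enclosing function, which starts and ends outside this hunk. `session_regenerate_id()` is also called without `delete_old_session`, and because `session_start()` has just re-created a session under the id still held in the cookie, the empty data stored under that id lingers in the save handler until garbage collection; `session_regenerate_id(true)` would remove it. The replacement format check `if (strlen($old_session_id) == 32)` tests only length, so the binding of the session to the logged-in user now rests entirely on the `AND username` / `AND userid` clauses of the count query; a comment such as `// length check only; the session is tied to the user by the #__session lookup below` would keep a later edit from treating those clauses as optional.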