Reviewed: https://reviews.mahara.org/6679
Committed: https://git.mahara.org/mahara/mahara/commit/9d7701e80b24bdbaccb77ae7730ae9c504d1143b
Submitter: Robert Lyon ([email protected])
Branch: 15.04_STABLE

commit 9d7701e80b24bdbaccb77ae7730ae9c504d1143b
Author: Son Nguyen <[email protected]>
Date: Thu Oct 22 10:55:40 2015 +1300

    Make sure imported custom skin xml entries are clean.

    Bug 1508684

    behatnotneeded

    Change-Id: I2e597d5931391e731baefa46d5f9d9ca2059ee10

--
You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1508684

Title:
  Unserialize untrusted data when importing skins

Status in Mahara:
  Fix Committed
Status in Mahara 15.04 series:
  Fix Committed
Status in Mahara 15.10 series:
  Fix Committed
Status in Mahara 16.04 series:
  Fix Committed

Bug description:
  Version: 1.10, 15.04, 15.10, master
  Platform: any

  There is an unserialize vulnerability in the skin import function; see line 200 in htdocs/skin/import.php

  When importing the attached skin, you will see the error:

  [WAR] ce (lib/web.php:3684) Object of class __PHP_Incomplete_Class could not be converted to string
  Call stack (most recent first):
    log_message("Object of class __PHP_Incomplete_Class could not b...", 8, true, true, "/var/www/mahara/master/htdocs/lib/web.php", 3684) at /var/www/mahara/master/htdocs/lib/errors.php:441
    error(4096, "Object of class __PHP_Incomplete_Class could not b...", "/var/www/mahara/master/htdocs/lib/web.php", 3684, array(size 5)) at /var/www/mahara/master/htdocs/lib/web.php:3684
    clean_css(object(__PHP_Incomplete_Class), true) at /var/www/mahara/master/htdocs/skin/import.php:200
    importskinform_submit(object(Pieform), array(size 4)) at Unknown:0
    call_user_func_array("importskinform_submit", array(size 2)) at /var/www/mahara/master/htdocs/lib/pieforms/pieform.php:537
    Pieform->__construct(array(size 4)) at /var/www/mahara/master/htdocs/lib/pieforms/pieform.php:164
    Pieform::process(array(size 4)) at /var/www/mahara/master/htdocs/lib/pieforms/pieform.php:71
    pieform(array(size 4)) at /var/www/mahara/master/htdocs/skin/import.php:64

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1508684/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~mahara-contributors
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~mahara-contributors
More help   : https://help.launchpad.net/ListHelp
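
As an added illustration (not Mahara's code and not the fix in the commit above), one way to decode a serialized value from an imported skin file so that an object never reaches a string-only function such as clean_css(). The helper names and sample inputs are hypothetical, and PHP 7.0 or later is assumed for the allowed_classes option of unserialize().

```php
<?php
// Added illustration; not Mahara code. Assumes PHP 7.0+.

/**
 * Hypothetical helper: decode a serialized value taken from an imported
 * skin XML entry, accepting only strings, numbers, booleans, null and
 * arrays of those. Anything else is rejected before it is used.
 */
function decode_skin_entry(string $raw)
{
    // allowed_classes => false stops PHP from instantiating any class;
    // serialized objects come back as __PHP_Incomplete_Class instead.
    $value = @unserialize($raw, ['allowed_classes' => false]);
    if ($value === false && $raw !== serialize(false)) {
        throw new InvalidArgumentException('not valid serialized data');
    }
    require_plain_data($value);
    return $value;
}

// Walk the decoded value and refuse objects at any nesting depth.
function require_plain_data($value)
{
    if (is_array($value)) {
        foreach ($value as $item) {
            require_plain_data($item);
        }
        return;
    }
    if (!is_scalar($value) && $value !== null) {
        throw new InvalidArgumentException('non-scalar value in skin entry');
    }
}

// Constructed sample inputs.
$samples = [
    'plain string'      => serialize('body { color: #333; }'),
    'array of strings'  => serialize(['header' => '#fff', 'font' => 'Arial']),
    'serialized object' => 'O:8:"stdClass":0:{}',
    'garbage'           => 'not serialized',
];
foreach ($samples as $label => $raw) {
    try {
        decode_skin_entry($raw);
        echo "$label: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```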

