[Phpgroupware-cvs] [21271] Fixing a fix for bug #5313, which is not working in case your install didn't have any anonymous account
Revision: 21271 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21271 Author: Caeies Date: 2010-06-02 13:13:53 + (Wed, 02 Jun 2010) Log Message: --- Fixing a fix for bug #5313, which is not working in case your install didn't have any anonymous account Ticket Links: :--- http://savannah.gnu.org/bugs/?5313 Modified Paths: -- modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG modules/phpgwapi/branches/branch_0_9_16/inc/class.sessions.inc.php Modified: modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG === --- modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG 2010-06-02 12:06:42 UTC (rev 21270) +++ modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG 2010-06-02 13:13:53 UTC (rev 21271) @@ -4,8 +4,9 @@ phpgwapi : - fix the crypto class to avoid a problem with empty strings generated by tabs in addressbook. This is a follow up of the previous security fix. + - fix a problem occuring on site offering demos with non anonymous accounts ... this is the case of opencms. + Not sure if this is a good practice or not. Need to be discussed. - [0.9.16.016] Security Fixes, Most Credits go to VUPEN Security for pointing them out : - CVE-2010-0403 Local file inclusion. Modified: modules/phpgwapi/branches/branch_0_9_16/inc/class.sessions.inc.php === --- modules/phpgwapi/branches/branch_0_9_16/inc/class.sessions.inc.php 2010-06-02 12:06:42 UTC (rev 21270) +++ modules/phpgwapi/branches/branch_0_9_16/inc/class.sessions.inc.php 2010-06-02 13:13:53 UTC (rev 21271) 
@@ -646,9 +646,9 @@ if ( !$blocked && ($false_id = $this->db->f(0)) >= $GLOBALS['phpgw_info']['server']['num_unsuccessful_id']) { $acct_id = $GLOBALS['phpgw']->accounts->name2id($login); - $anon_users = array_flip($GLOBALS['phpgw']->acl->get_ids_for_location('anonymous',1,'phpgwapi')); + $anon_users = $GLOBALS['phpgw']->acl->get_ids_for_location('anonymous',1,'phpgwapi'); //echo "acct_id == $acct_idanon_users" . print_r($anon_users, true) . 'in_array == ' . intval( !is_array($anon_users) || !isset($anon_users[$acct_id]) ); - if ( !is_array($anon_users) || !isset($anon_users[$acct_id]) ) + if ( !is_array($anon_users) || (($anon_users = array_flip($anon_users)) && !isset($anon_users[$acct_id])) ) { //echo "login_blocked: login='$login' ".$this->db->f(0)." tries (".$GLOBALS['phpgw_info']['server']['num_unsuccessful_id']." max.) since ".date('Y/m/d H:i',$block_time)."\n"; $blocked = True; ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
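Review bot: in the new condition in class.sessions.inc.php, the result of the assignment `($anon_users = array_flip($anon_users))` is used as a boolean, and an empty array is false in PHP. If get_ids_for_location() can return an empty array when no anonymous account exists, the right-hand side short-circuits to false, the whole `if` is false, and `$blocked` is not set here even though the failed-login count has reached num_unsuccessful_id. Do the flip on its own line, guarded by is_array(), and keep the test as `!is_array($anon_users) || !isset($anon_users[$acct_id])`, so that an empty list means no account is exempt from blocking. The commented-out echo above the condition still describes the old expression and can go.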
[Phpgroupware-cvs] [21270] Reverting back a debug statement :(
Revision: 21270 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21270 Author: Caeies Date: 2010-06-02 12:06:42 + (Wed, 02 Jun 2010) Log Message: --- Reverting back a debug statement :( Modified Paths: -- modules/phpgwapi/tags/version_0_9_16-016/inc/class.crypto.inc.php Modified: modules/phpgwapi/tags/version_0_9_16-016/inc/class.crypto.inc.php === --- modules/phpgwapi/tags/version_0_9_16-016/inc/class.crypto.inc.php 2010-06-02 12:04:26 UTC (rev 21269) +++ modules/phpgwapi/tags/version_0_9_16-016/inc/class.crypto.inc.php 2010-06-02 12:06:42 UTC (rev 21270) @@ -18,7 +18,7 @@ class crypto { var $enabled = False; - var $debug = True; + var $debug = False; var $mcrypt_version = ''; var $algo = MCRYPT_TRIPLEDES; ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
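Review bot: the path changed here is under tags/version_0_9_16-016, so this edits a release tag in place, and the removed line shows that the tag carried `var $debug = True;` until this revision. State in the log message or CHANGELOG whether packages exported from the tag before r21270 have to be rebuilt, and prefer cutting a new tag over modifying one that has already been published.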
[Phpgroupware-cvs] [21269] Reverting back a debug statement :(
Revision: 21269 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21269 Author: Caeies Date: 2010-06-02 12:04:26 + (Wed, 02 Jun 2010) Log Message: --- Reverting back a debug statement :( Modified Paths: -- modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php Modified: modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php === --- modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php 2010-06-02 11:50:23 UTC (rev 21268) +++ modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php 2010-06-02 12:04:26 UTC (rev 21269) @@ -18,7 +18,7 @@ class crypto { var $enabled = False; - var $debug = True; + var $debug = False; var $mcrypt_version = ''; var $algo = MCRYPT_TRIPLEDES; ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21268] Adding two scripts to help building packages from svn
Revision: 21268 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21268 Author: Caeies Date: 2010-06-02 11:50:23 + (Wed, 02 Jun 2010) Log Message: --- Adding two scripts to help building packages from svn Modified Paths: -- modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG Added Paths: --- core/branches/branch_0_9_16/doc/preparing_svn_packages.sh core/branches/branch_0_9_16/doc/preparing_svn_tags.sh Added: core/branches/branch_0_9_16/doc/preparing_svn_packages.sh === --- core/branches/branch_0_9_16/doc/preparing_svn_packages.sh (rev 0) +++ core/branches/branch_0_9_16/doc/preparing_svn_packages.sh 2010-06-02 11:50:23 UTC (rev 21268) @@ -0,0 +1,19 @@ +#!/bin/bash +# This script is used to prepare our tarball for release + +#Remove this if you want to use it on your server +exit 0 + +TAG=$1 + +svn export --ignore-externals http://svn.savannah.gnu.org/svn/phpgroupware/core/tags/version_0_9_16-$TAG/ phpgroupware-0.9.16.$TAG + +for mod in $(svn ls http://svn.savannah.gnu.org/svn/phpgroupware/modules/); +do +svn export http://svn.savannah.gnu.org/svn/phpgroupware/modules/$mod/tags/version_0_9_16-$TAG phpgroupware-0.9.16.$TAG/$mod +done + +tar cf phpgroupware-0.9.16.$TAG.tar phpgroupware-0.9.16.$TAG +zip -r -9 phpgroupware-0.9.16.$TAG.zip phpgroupware-0.9.16.$TAG +bzip2 -k -9 phpgroupware-0.9.16.$TAG.tar +gzip -9 phpgroupware-0.9.16.$TAG.tar Added: core/branches/branch_0_9_16/doc/preparing_svn_tags.sh === --- core/branches/branch_0_9_16/doc/preparing_svn_tags.sh (rev 0) +++ core/branches/branch_0_9_16/doc/preparing_svn_tags.sh 2010-06-02 11:50:23 UTC (rev 21268) 
@@ -0,0 +1,19 @@ +#!/bin/bash +# This script is used to prepare the tagging of our svn repository + +# Remove this if you want to use it on your server +exit 0 + +TAG=$1 +MESSAGE="Preparing the 0.9.16.$TAG release" +TAGNAME=version_0_9_16-$TAG + +svn cp -m "$MESSAGE" svn+ssh://svn.savannah.gnu.org/phpgroupware/core/branches/branch_0_9_16 svn+ssh://svn.savannah.gnu.org/phpgroupware/core/tags/$TAGNAME + +for mod in $(svn ls svn+ssh://svn.savannah.gnu.org/phpgroupware/modules/); +do +svn cp -m "$MESSAGE" svn+ssh://svn.savannah.gnu.org/phpgroupware/modules/$mod/branches/branch_0_9_16 svn+ssh://svn.savannah.gnu.org/phpgroupware/modules/$mod/tags/version_0_9_16-$TAG +done + +exit 0 + Modified: modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG === --- modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG 2010-06-02 10:07:38 UTC (rev 21267) +++ modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG 2010-06-02 11:50:23 UTC (rev 21268) @@ -1,8 +1,11 @@ [0.9.16.017] + General : adding to scripts to help building packages in this branch. + phpgwapi : - fix the crypto class to avoid a problem with empty strings generated by tabs in addressbook. This is a follow up of the previous security fix. + [0.9.16.016] Security Fixes, Most Credits go to VUPEN Security for pointing them out : - CVE-2010-0403 Local file inclusion. ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
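Review bot: in preparing_svn_packages.sh, `TAG=$1` is used without checking that an argument was given, and the later expansions of `$TAG` and `$mod` are unquoted; with no argument the export URL becomes .../tags/version_0_9_16-/ and the script carries on. There is no `set -e` either, so a failed `svn export` for one module still ends in tar, zip, bzip2 and gzip archives of an incomplete tree. The exports go over plain http:// and nothing records a checksum or signature of the archives. Add an argument check and `set -eu`, quote the expansions, and write a checksum file next to the archives.

Review bot: in preparing_svn_tags.sh, each URL-to-URL `svn cp -m` in the loop is its own commit, so a failure partway through leaves some modules tagged and others not, and the unconditional `exit 0` on the last line reports success either way. Stop on the first failed `svn cp` (or use `set -e`) and drop the final `exit 0`. The loop also repeats version_0_9_16-$TAG instead of using the `$TAGNAME` variable defined above it.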
[Phpgroupware-cvs] [21267] updating changelog for the next version
Revision: 21267 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21267 Author: Caeies Date: 2010-06-02 10:07:38 + (Wed, 02 Jun 2010) Log Message: --- updating changelog for the next version Modified Paths: -- modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG Modified: modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG === --- modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG 2010-06-02 10:05:21 UTC (rev 21266) +++ modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG 2010-06-02 10:07:38 UTC (rev 21267) @@ -1,3 +1,8 @@ +[0.9.16.017] + phpgwapi : + - fix the crypto class to avoid a problem with empty strings generated by tabs in addressbook. + This is a follow up of the previous security fix. + [0.9.16.016] Security Fixes, Most Credits go to VUPEN Security for pointing them out : - CVE-2010-0403 Local file inclusion. ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21266] Fixing the tab system in addressbook (mainly)
Revision: 21266 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21266 Author: Caeies Date: 2010-06-02 10:05:21 + (Wed, 02 Jun 2010) Log Message: --- Fixing the tab system in addressbook (mainly) Modified Paths: -- modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php Modified: modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php === --- modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php 2010-06-02 09:33:55 UTC (rev 21265) +++ modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php 2010-06-02 10:05:21 UTC (rev 21266) @@ -223,7 +223,7 @@ echo '' . time() . ' crypto->decrypt() decrypted data: ' . $data; } $test = stripslashes($data); - if(@unserialize($test)) + if(@unserialize($test) !== False) { if($this->debug) { ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
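Review bot: `@unserialize($test) !== False` still cannot tell a failed unserialize from a stored boolean false, because both yield False; the check only works together with the 'BoolFalse' substitution added on the encrypt side in r21217, and that dependency deserves a comment at this line. The `stripslashes($data)` on the line above also changes the string before it is parsed, so unless the stored data was slashed to match, a serialized string containing backslashes will no longer agree with its length prefix and will be treated as not serialized. The `@` hides the notice that would reveal either case; report it when `$this->debug` is set.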
[Phpgroupware-cvs] [21263] Preparing the 0.9.16.016 release
Revision: 21263 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21263 Author: Caeies Date: 2010-06-02 09:33:28 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/tts/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21262] Preparing the 0.9.16.016 release
Revision: 21262 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21262 Author: Caeies Date: 2010-06-02 09:33:22 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/todo/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21259] Preparing the 0.9.16.016 release
Revision: 21259 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21259 Author: Caeies Date: 2010-06-02 09:32:41 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/skel/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21256] Preparing the 0.9.16.016 release
Revision: 21256 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21256 Author: Caeies Date: 2010-06-02 09:32:24 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/registration/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21244] Preparing the 0.9.16.016 release
Revision: 21244 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21244 Author: Caeies Date: 2010-06-02 09:30:49 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/messenger/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21265] Preparing the 0.9.16.016 release
Revision: 21265 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21265 Author: Caeies Date: 2010-06-02 09:33:55 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/xmlrpc/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21237] Preparing the 0.9.16.016 release
Revision: 21237 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21237 Author: Caeies Date: 2010-06-02 09:29:35 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/ftp/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21264] Preparing the 0.9.16.016 release
Revision: 21264 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21264 Author: Caeies Date: 2010-06-02 09:33:46 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/wiki/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21261] Preparing the 0.9.16.016 release
Revision: 21261 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21261 Author: Caeies Date: 2010-06-02 09:32:57 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/stocks/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21260] Preparing the 0.9.16.016 release
Revision: 21260 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21260 Author: Caeies Date: 2010-06-02 09:32:51 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/soap/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21258] Preparing the 0.9.16.016 release
Revision: 21258 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21258 Author: Caeies Date: 2010-06-02 09:32:36 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/sitemgr/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21257] Preparing the 0.9.16.016 release
Revision: 21257 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21257 Author: Caeies Date: 2010-06-02 09:32:30 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/setup/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21255] Preparing the 0.9.16.016 release
Revision: 21255 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21255 Author: Caeies Date: 2010-06-02 09:32:11 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/qmailldap/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21251] Preparing the 0.9.16.016 release
Revision: 21251 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21251 Author: Caeies Date: 2010-06-02 09:31:45 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/phpsysinfo/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21254] Preparing the 0.9.16.016 release
Revision: 21254 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21254 Author: Caeies Date: 2010-06-02 09:32:02 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/projects/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21245] Preparing the 0.9.16.016 release
Revision: 21245 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21245 Author: Caeies Date: 2010-06-02 09:30:59 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/news_admin/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21238] Preparing the 0.9.16.016 release
Revision: 21238 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21238 Author: Caeies Date: 2010-06-02 09:29:40 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/fudforum/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21253] Preparing the 0.9.16.016 release
Revision: 21253 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21253 Author: Caeies Date: 2010-06-02 09:31:56 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/preferences/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21252] Preparing the 0.9.16.016 release
Revision: 21252 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21252 Author: Caeies Date: 2010-06-02 09:31:51 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/polls/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21250] Preparing the 0.9.16.016 release
Revision: 21250 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21250 Author: Caeies Date: 2010-06-02 09:31:37 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/phpgwapi/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21249] Preparing the 0.9.16.016 release
Revision: 21249 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21249 Author: Caeies Date: 2010-06-02 09:31:31 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/phpbrain/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21248] Preparing the 0.9.16.016 release
Revision: 21248 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21248 Author: Caeies Date: 2010-06-02 09:31:21 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/phonelog/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21246] Preparing the 0.9.16.016 release
Revision: 21246 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21246 Author: Caeies Date: 2010-06-02 09:31:05 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/nntp/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21247] Preparing the 0.9.16.016 release
Revision: 21247 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21247 Author: Caeies Date: 2010-06-02 09:31:11 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/notes/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21243] Preparing the 0.9.16.016 release
Revision: 21243 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21243 Author: Caeies Date: 2010-06-02 09:30:36 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/manual/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21242] Preparing the 0.9.16.016 release
Revision: 21242 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21242 Author: Caeies Date: 2010-06-02 09:30:29 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/javassh/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21241] Preparing the 0.9.16.016 release
Revision: 21241 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21241 Author: Caeies Date: 2010-06-02 09:30:15 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/infolog/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21240] Preparing the 0.9.16.016 release
Revision: 21240 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21240 Author: Caeies Date: 2010-06-02 09:30:08 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/img/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21239] Preparing the 0.9.16.016 release
Revision: 21239 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21239 Author: Caeies Date: 2010-06-02 09:29:50 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/headlines/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21236] Preparing the 0.9.16.016 release
Revision: 21236 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21236 Author: Caeies Date: 2010-06-02 09:29:29 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/forum/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21235] Preparing the 0.9.16.016 release
Revision: 21235 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21235 Author: Caeies Date: 2010-06-02 09:29:24 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/folders/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21234] Preparing the 0.9.16.016 release
Revision: 21234 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21234 Author: Caeies Date: 2010-06-02 09:29:14 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/filemanager/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21233] Preparing the 0.9.16.016 release
Revision: 21233 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21233 Author: Caeies Date: 2010-06-02 09:29:07 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/felamimail/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21231] Preparing the 0.9.16.016 release
Revision: 21231 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21231 Author: Caeies Date: 2010-06-02 09:28:52 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/email/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21232] Preparing the 0.9.16.016 release
Revision: 21232 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21232 Author: Caeies Date: 2010-06-02 09:28:58 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/etemplate/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21230] Preparing the 0.9.16.016 release
Revision: 21230 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21230 Author: Caeies Date: 2010-06-02 09:28:47 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/eldaptir/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21229] Preparing the 0.9.16.016 release
Revision: 21229 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21229 Author: Caeies Date: 2010-06-02 09:28:38 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/dj/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21228] Preparing the 0.9.16.016 release
Revision: 21228 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21228 Author: Caeies Date: 2010-06-02 09:28:33 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/developer_tools/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21227] Preparing the 0.9.16.016 release
Revision: 21227 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21227 Author: Caeies Date: 2010-06-02 09:28:19 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/comic/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21226] Preparing the 0.9.16.016 release
Revision: 21226 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21226 Author: Caeies Date: 2010-06-02 09:28:13 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/chora/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21225] Preparing the 0.9.16.016 release
Revision: 21225 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21225 Author: Caeies Date: 2010-06-02 09:28:08 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/chat/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21224] Preparing the 0.9.16.016 release
Revision: 21224 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21224 Author: Caeies Date: 2010-06-02 09:27:57 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/calendar/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21223] Preparing the 0.9.16.016 release
Revision: 21223 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21223 Author: Caeies Date: 2010-06-02 09:27:52 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/bookmarks/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21222] Preparing the 0.9.16.016 release
Revision: 21222 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21222 Author: Caeies Date: 2010-06-02 09:27:32 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/admin/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21221] Preparing the 0.9.16.016 release
Revision: 21221 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21221 Author: Caeies Date: 2010-06-02 09:27:27 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/addressbook/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21220] Preparing the 0.9.16.016 release
Revision: 21220 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21220 Author: Caeies Date: 2010-06-02 09:26:42 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- core/tags/version_0_9_16-016/
[Phpgroupware-cvs] [21219] Fixing CVE-2010-0404, update the CHANGELOG, prepare the already done 16.016 release
Revision: 21219 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21219 Author: Caeies Date: 2010-06-02 09:22:22 + (Wed, 02 Jun 2010) Log Message: --- Fixing CVE-2010-0404, update the CHANGELOG, prepare the already done 16.016 release Modified Paths: -- modules/admin/branches/branch_0_9_16/inc/class.boaccounts.inc.php Modified: modules/admin/branches/branch_0_9_16/inc/class.boaccounts.inc.php === --- modules/admin/branches/branch_0_9_16/inc/class.boaccounts.inc.php 2010-06-02 09:21:59 UTC (rev 21218) +++ modules/admin/branches/branch_0_9_16/inc/class.boaccounts.inc.php 2010-06-02 09:22:22 UTC (rev 21219) @@ -715,7 +715,11 @@ $error[$totalerrors] = lang('You must enter a loginid'); $totalerrors++; } - + if(!sanitize($_userData['account_lid'], 'alphanumeric')) + { + $error[$totalerrors] = lang('The login should be alphanumeric only!'); + $totalerrors++; + } if ($_userData['old_loginid'] != $_userData['account_lid']) { if ($GLOBALS['phpgw']->accounts->exists($_userData['account_lid'])) ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
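Review bot: the new `sanitize($_userData['account_lid'], 'alphanumeric')` check sits before the `old_loginid != account_lid` comparison, so it also runs when an existing account is edited without being renamed. If 'alphanumeric' means letters and digits only, an account whose login already contains a dot, dash or underscore can no longer be saved. Apply the check only when the login is new or changed, or state the restriction in the CHANGELOG. The value is still passed to `accounts->exists()` on the following lines, so confirm that the query behind it escapes the login as well; this check narrows the input but is not a substitute for escaping at the query.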
[Phpgroupware-cvs] [21218] Fixing CVE-2010-0404, update the CHANGELOG, prepare the already done 16.016 release
Revision: 21218 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21218 Author: Caeies Date: 2010-06-02 09:21:59 + (Wed, 02 Jun 2010) Log Message: --- Fixing CVE-2010-0404, update the CHANGELOG, prepare the already done 16.016 release Modified Paths: -- modules/preferences/branches/branch_0_9_16/inc/class.uiaclprefs.inc.php Modified: modules/preferences/branches/branch_0_9_16/inc/class.uiaclprefs.inc.php === --- modules/preferences/branches/branch_0_9_16/inc/class.uiaclprefs.inc.php 2010-06-02 09:21:48 UTC (rev 21217) +++ modules/preferences/branches/branch_0_9_16/inc/class.uiaclprefs.inc.php 2010-06-02 09:21:59 UTC (rev 21218) @@ -25,7 +25,7 @@ function index() { - $acl_app= get_var('acl_app',array('POST','GET')); + $acl_app= reg_var('acl_app',array('POST','GET'), 'string', False, False); $start = get_var('start',array('POST','GET')); $query = get_var('query',array('POST','GET')); $s_groups = get_var('s_groups',array('POST','GET')); ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
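Review bot: only `acl_app` is moved to `reg_var('acl_app',array('POST','GET'), 'string', False, False)`; `start`, `query` and `s_groups` on the next three lines are still read with `get_var` from the same POST and GET sources. If any of them reaches a query in index(), it needs the same treatment, and `start` looks like it should be registered as an integer. The meaning of the two trailing False arguments is not evident from the call, so a short comment would help the next reader.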
[Phpgroupware-cvs] [21217] Fixing CVE-2010-0404, update the CHANGELOG, prepare the already done 16.016 release
Revision: 21217 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21217 Author: Caeies Date: 2010-06-02 09:21:48 + (Wed, 02 Jun 2010) Log Message: --- Fixing CVE-2010-0404, update the CHANGELOG, prepare the already done 16.016 release Modified Paths: -- modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG modules/phpgwapi/branches/branch_0_9_16/inc/class.auth_sql.inc.php modules/phpgwapi/branches/branch_0_9_16/inc/class.auth_sqlssl.inc.php modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php modules/phpgwapi/branches/branch_0_9_16/inc/class.sessions.inc.php modules/phpgwapi/branches/branch_0_9_16/inc/class.sessions_db.inc.php modules/phpgwapi/branches/branch_0_9_16/inc/class.translation_sql.inc.php modules/phpgwapi/branches/branch_0_9_16/inc/common_functions.inc.php modules/phpgwapi/branches/branch_0_9_16/inc/functions.inc.php modules/phpgwapi/branches/branch_0_9_16/setup/setup.inc.php Modified: modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG === --- modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG 2010-06-02 09:19:57 UTC (rev 21216) +++ modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG 2010-06-02 09:21:48 UTC (rev 21217) @@ -1,4 +1,8 @@ [0.9.16.016] + Security Fixes, Most Credits go to VUPEN Security for pointing them out : + - CVE-2010-0403 Local file inclusion. + - CVE-2010-0404 Multiple SQL injection. + phpgwapi : - fix the session not listed in case of using php4 session (which is recommanded). Fixing #23386 - fix the Port for postgresql in case of not using the default one. Modified: modules/phpgwapi/branches/branch_0_9_16/inc/class.auth_sql.inc.php === --- modules/phpgwapi/branches/branch_0_9_16/inc/class.auth_sql.inc.php 2010-06-02 09:19:57 UTC (rev 21216) +++ modules/phpgwapi/branches/branch_0_9_16/inc/class.auth_sql.inc.php 2010-06-02 09:21:48 UTC (rev 21217) 
@@ -32,7 +32,7 @@ function authenticate($username, $passwd, $passwd_type) { $db = $GLOBALS['phpgw']->db; - + $username = $db->db_addslashes($username); if ($passwd_type == 'text') { $_passwd = md5($passwd); Modified: modules/phpgwapi/branches/branch_0_9_16/inc/class.auth_sqlssl.inc.php === --- modules/phpgwapi/branches/branch_0_9_16/inc/class.auth_sqlssl.inc.php 2010-06-02 09:19:57 UTC (rev 21216) +++ modules/phpgwapi/branches/branch_0_9_16/inc/class.auth_sqlssl.inc.php 2010-06-02 09:21:48 UTC (rev 21217) @@ -24,7 +24,7 @@ function authenticate($username, $passwd) { $db = $GLOBALS['phpgw']->db; - + $username = $db->db_addslashes($username); $local_debug = False; if($local_debug) @@ -46,7 +46,7 @@ { // use username only for authentication, ignore X.509 subject in $passwd for now $db->query('SELECT * FROM phpgw_accounts' - . " WHERE account_lid = '" . $db->db_addslashes($username) . "'" + . " WHERE account_lid = '$username'" . "AND account_status ='A'",__LINE__,__FILE__); $db->next_record(); } Modified: modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php === --- modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php 2010-06-02 09:19:57 UTC (rev 21216) +++ modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php 2010-06-02 09:21:48 UTC (rev 21217) @@ -18,7 +18,7 @@ class crypto { var $enabled = False; - var $debug = False; + var $debug = True; var $mcrypt_version = ''; var $algo = MCRYPT_TRIPLEDES; @@ -125,8 +125,13 @@ echo '' . time() . ' crypto->encrypt() unencrypted data: ' . $data . "\n"; } - if(is_array($data) || is_object($data)) + //XXX CAEIES : always serialize datas to catch wrong keys. + //if(is_array($data) || is_object($data)) + if($data === False) { + $data = 'BoolFalse'; + } + { if($this->debug
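Review bot: in class.auth_sql.inc.php authenticate(), `$username = $db->db_addslashes($username);` overwrites the caller's value at the top of the function, so every later use of $username there, not only the SQL, now sees the escaped string. Suggest assigning the escaped value to a separate variable (for example $username_sql, a hypothetical name) and using it only inside the query text, so the escaping stays visibly tied to the query. Separately, the context line `$_passwd = md5($passwd);` shows passwords handled as plain MD5; that is outside this fix but deserves its own ticket.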
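Review bot: in class.auth_sqlssl.inc.php the second hunk removes the escape at the point of use (`$db->db_addslashes($username)` inside the SELECT) and interpolates '$username' instead, relying on the assignment added at the top of authenticate() in the first hunk. The query is now safe only as long as nothing reassigns $username in between, and someone auditing the SELECT can no longer see the escaping. Suggest keeping the escape at the query, or using a distinctly named escaped variable. The context line `. "AND account_status ='A'"` also has no leading space before AND.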
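Review bot: in class.crypto.inc.php, `var $debug = True;` ships debugging switched on in a security-fix commit, and the context of the following hunk shows encrypt() echoing 'unencrypted data: ' . $data. If that echo is guarded by this flag, every encrypt() call will write plaintext into the response. This looks like a leftover from testing and should go back to False before release.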
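Review bot: in encrypt(), replacing the is_array/is_object test with `if($data === False) { $data = 'BoolFalse'; }` makes the literal string 'BoolFalse' indistinguishable from a boolean False for whatever reads the value back, and the decrypt side is not in the visible part of this patch. The sentinel should be documented next to both encrypt and decrypt, or replaced by a value that cannot occur as real data. The brace block that belonged to the old if is now unconditional and reads like a mistake; drop the braces or add a comment saying serialization is now always performed.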
[Phpgroupware-cvs] [21216] Fixing CVE-2010-0404, update the CHANGELOG, prepare the already done 16.016 release
Revision: 21216 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21216 Author: Caeies Date: 2010-06-02 09:19:57 + (Wed, 02 Jun 2010) Log Message: --- Fixing CVE-2010-0404, update the CHANGELOG, prepare the already done 16.016 release Modified Paths: -- core/branches/branch_0_9_16/login.php Modified: core/branches/branch_0_9_16/login.php === --- core/branches/branch_0_9_16/login.php 2010-06-02 09:15:48 UTC (rev 21215) +++ core/branches/branch_0_9_16/login.php 2010-06-02 09:19:57 UTC (rev 21216) @@ -120,6 +120,9 @@ return '' . lang('Your session could not be verified.') . ''; break; + case 75: + return '' . lang('Corrupted session data') . ''; + break; default: return ' '; } ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
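Review bot: `case 75:` adds another bare numeric code, and nothing in this hunk shows where 75 is raised or how it relates to the CVE named in the log message. A comment on the case naming the code that produces it, or a named constant shared with that code, would make the pairing auditable. The `break;` after `return` is unreachable, though it matches the case above it.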
[Phpgroupware-cvs] [21215] Fixing CVE-2010-0403
Revision: 21215 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21215 Author: Caeies Date: 2010-06-02 09:15:48 + (Wed, 02 Jun 2010) Log Message: --- Fixing CVE-2010-0403 Modified Paths: -- core/branches/branch_0_9_16/about.php Modified: core/branches/branch_0_9_16/about.php === --- core/branches/branch_0_9_16/about.php 2010-05-05 14:05:10 UTC (rev 21214) +++ core/branches/branch_0_9_16/about.php 2010-06-02 09:15:48 UTC (rev 21215) @@ -16,7 +16,7 @@ include('header.inc.php'); $app = $_GET['app']; - if ($app) + if ($app && isset($GLOBALS['phpgw_info']['apps'][$app])) { if (!($included = $GLOBALS['phpgw']->hooks->single('about',$app))) { ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
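Review bot: the allow-list check `isset($GLOBALS['phpgw_info']['apps'][$app])` is the right shape for this fix, but $app still comes straight from `$_GET['app']` with no type check, so a request that sends app as an array ends up used as an array offset, which PHP rejects as an illegal offset type. Suggest adding is_string($app) to the condition and testing isset($_GET['app']) before reading it, so a missing parameter does not raise a notice. A one-line comment stating that the lookup is what constrains the value passed to hooks->single() would keep a later cleanup from removing it.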