[Phpgroupware-cvs] [21271] Fixing a fix for bug #5313, which is not working in case your install didn' t have any anonymous account
Revision: 21271
http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21271
Author: Caeies
Date: 2010-06-02 13:13:53 + (Wed, 02 Jun 2010)
Log Message:
---
Fixing a fix for bug #5313, which is not working in case your install didn't
have any anonymous account
Ticket Links:
:---
http://savannah.gnu.org/bugs/?5313
Modified Paths:
--
modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG
modules/phpgwapi/branches/branch_0_9_16/inc/class.sessions.inc.php
Modified: modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG
===
--- modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG 2010-06-02
12:06:42 UTC (rev 21270)
+++ modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG 2010-06-02
13:13:53 UTC (rev 21271)
@@ -4,8 +4,9 @@
phpgwapi :
- fix the crypto class to avoid a problem with empty strings
generated by tabs in addressbook.
This is a follow up of the previous security fix.
+ - fix a problem occuring on site offering demos with non
anonymous accounts ... this is the case of opencms.
+ Not sure if this is a good practice or not. Need to be
discussed.
-
[0.9.16.016]
Security Fixes, Most Credits go to VUPEN Security for pointing them out
:
- CVE-2010-0403 Local file inclusion.
Modified: modules/phpgwapi/branches/branch_0_9_16/inc/class.sessions.inc.php
===
--- modules/phpgwapi/branches/branch_0_9_16/inc/class.sessions.inc.php
2010-06-02 12:06:42 UTC (rev 21270)
+++ modules/phpgwapi/branches/branch_0_9_16/inc/class.sessions.inc.php
2010-06-02 13:13:53 UTC (rev 21271)
@@ -646,9 +646,9 @@
if ( !$blocked && ($false_id = $this->db->f(0)) >=
$GLOBALS['phpgw_info']['server']['num_unsuccessful_id'])
{
$acct_id =
$GLOBALS['phpgw']->accounts->name2id($login);
- $anon_users =
array_flip($GLOBALS['phpgw']->acl->get_ids_for_location('anonymous',1,'phpgwapi'));
+ $anon_users =
$GLOBALS['phpgw']->acl->get_ids_for_location('anonymous',1,'phpgwapi');
//echo "acct_id == $acct_idanon_users" . print_r($anon_users, true) . 'in_array == ' .
intval( !is_array($anon_users) || !isset($anon_users[$acct_id]) );
- if ( !is_array($anon_users) ||
!isset($anon_users[$acct_id]) )
+ if ( !is_array($anon_users) || (($anon_users =
array_flip($anon_users)) && !isset($anon_users[$acct_id])) )
{
//echo "login_blocked:
login='$login' ".$this->db->f(0)." tries
(".$GLOBALS['phpgw_info']['server']['num_unsuccessful_id']." max.) since
".date('Y/m/d H:i',$block_time)."\n";
$blocked = True;
___
phpGroupWare-cvs mailing list
phpGroupWare-cvs@gnu.org
http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21270] Reverting back a debug statement :(
Revision: 21270
http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21270
Author: Caeies
Date: 2010-06-02 12:06:42 + (Wed, 02 Jun 2010)
Log Message:
---
Reverting back a debug statement :(
Modified Paths:
--
modules/phpgwapi/tags/version_0_9_16-016/inc/class.crypto.inc.php
Modified: modules/phpgwapi/tags/version_0_9_16-016/inc/class.crypto.inc.php
===
--- modules/phpgwapi/tags/version_0_9_16-016/inc/class.crypto.inc.php
2010-06-02 12:04:26 UTC (rev 21269)
+++ modules/phpgwapi/tags/version_0_9_16-016/inc/class.crypto.inc.php
2010-06-02 12:06:42 UTC (rev 21270)
@@ -18,7 +18,7 @@
class crypto
{
var $enabled = False;
- var $debug = True;
+ var $debug = False;
var $mcrypt_version = '';
var $algo = MCRYPT_TRIPLEDES;
___
phpGroupWare-cvs mailing list
phpGroupWare-cvs@gnu.org
http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21269] Reverting back a debug statement :(
Revision: 21269
http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21269
Author: Caeies
Date: 2010-06-02 12:04:26 + (Wed, 02 Jun 2010)
Log Message:
---
Reverting back a debug statement :(
Modified Paths:
--
modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php
Modified: modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php
===
--- modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php
2010-06-02 11:50:23 UTC (rev 21268)
+++ modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php
2010-06-02 12:04:26 UTC (rev 21269)
@@ -18,7 +18,7 @@
class crypto
{
var $enabled = False;
- var $debug = True;
+ var $debug = False;
var $mcrypt_version = '';
var $algo = MCRYPT_TRIPLEDES;
___
phpGroupWare-cvs mailing list
phpGroupWare-cvs@gnu.org
http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21268] Adding two scripts to help building packages from svn
Revision: 21268 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21268 Author: Caeies Date: 2010-06-02 11:50:23 + (Wed, 02 Jun 2010) Log Message: --- Adding two scripts to help building packages from svn Modified Paths: -- modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG Added Paths: --- core/branches/branch_0_9_16/doc/preparing_svn_packages.sh core/branches/branch_0_9_16/doc/preparing_svn_tags.sh Added: core/branches/branch_0_9_16/doc/preparing_svn_packages.sh === --- core/branches/branch_0_9_16/doc/preparing_svn_packages.sh (rev 0) +++ core/branches/branch_0_9_16/doc/preparing_svn_packages.sh 2010-06-02 11:50:23 UTC (rev 21268) @@ -0,0 +1,19 @@ +#!/bin/bash +# This script is used to prepare our tarball for release + +#Remove this if you want to use it on your server +exit 0 + +TAG=$1 + +svn export --ignore-externals http://svn.savannah.gnu.org/svn/phpgroupware/core/tags/version_0_9_16-$TAG/ phpgroupware-0.9.16.$TAG + +for mod in $(svn ls http://svn.savannah.gnu.org/svn/phpgroupware/modules/); +do +svn export http://svn.savannah.gnu.org/svn/phpgroupware/modules/$mod/tags/version_0_9_16-$TAG phpgroupware-0.9.16.$TAG/$mod +done + +tar cf phpgroupware-0.9.16.$TAG.tar phpgroupware-0.9.16.$TAG +zip -r -9 phpgroupware-0.9.16.$TAG.zip phpgroupware-0.9.16.$TAG +bzip2 -k -9 phpgroupware-0.9.16.$TAG.tar +gzip -9 phpgroupware-0.9.16.$TAG.tar Added: core/branches/branch_0_9_16/doc/preparing_svn_tags.sh === --- core/branches/branch_0_9_16/doc/preparing_svn_tags.sh (rev 0) +++ core/branches/branch_0_9_16/doc/preparing_svn_tags.sh 2010-06-02 11:50:23 UTC (rev 21268) @@ -0,0 +1,19 @@ +#!/bin/bash +# This script is used to prepare the tagging of our svn repository + +# Remove this if you want to use it on your server +exit 0 + +TAG=$1 +MESSAGE="Preparing the 0.9.16.$TAG release" +TAGNAME=version_0_9_16-$TAG + +svn cp -m "$MESSAGE" svn+ssh://svn.savannah.gnu.org/phpgroupware/core/branches/branch_0_9_16 svn+ssh://svn.savannah.gnu.org/phpgroupware/core/tags/$TAGNAME + +for mod in $(svn ls svn+ssh://svn.savannah.gnu.org/phpgroupware/modules/); +do +svn cp -m "$MESSAGE" svn+ssh://svn.savannah.gnu.org/phpgroupware/modules/$mod/branches/branch_0_9_16 svn+ssh://svn.savannah.gnu.org/phpgroupware/modules/$mod/tags/version_0_9_16-$TAG +done + +exit 0 + Modified: modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG === --- modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG 2010-06-02 10:07:38 UTC (rev 21267) +++ modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG 2010-06-02 11:50:23 UTC (rev 21268) @@ -1,8 +1,11 @@ [0.9.16.017] + General : adding to scripts to help building packages in this branch. + phpgwapi : - fix the crypto class to avoid a problem with empty strings generated by tabs in addressbook. This is a follow up of the previous security fix. + [0.9.16.016] Security Fixes, Most Credits go to VUPEN Security for pointing them out : - CVE-2010-0403 Local file inclusion. ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21267] updating changelog for the next version
Revision: 21267 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21267 Author: Caeies Date: 2010-06-02 10:07:38 + (Wed, 02 Jun 2010) Log Message: --- updating changelog for the next version Modified Paths: -- modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG Modified: modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG === --- modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG 2010-06-02 10:05:21 UTC (rev 21266) +++ modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG 2010-06-02 10:07:38 UTC (rev 21267) @@ -1,3 +1,8 @@ +[0.9.16.017] + phpgwapi : + - fix the crypto class to avoid a problem with empty strings generated by tabs in addressbook. + This is a follow up of the previous security fix. + [0.9.16.016] Security Fixes, Most Credits go to VUPEN Security for pointing them out : - CVE-2010-0403 Local file inclusion. ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21266] Fixing the tab system in addressbook (mainly)
Revision: 21266
http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21266
Author: Caeies
Date: 2010-06-02 10:05:21 + (Wed, 02 Jun 2010)
Log Message:
---
Fixing the tab system in addressbook (mainly)
Modified Paths:
--
modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php
Modified: modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php
===
--- modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php
2010-06-02 09:33:55 UTC (rev 21265)
+++ modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php
2010-06-02 10:05:21 UTC (rev 21266)
@@ -223,7 +223,7 @@
echo '' . time() . '
crypto->decrypt() decrypted data: ' . $data;
}
$test = stripslashes($data);
- if(@unserialize($test))
+ if(@unserialize($test) !== False)
{
if($this->debug)
{
___
phpGroupWare-cvs mailing list
phpGroupWare-cvs@gnu.org
http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21263] Preparing the 0.9.16.016 release
Revision: 21263 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21263 Author: Caeies Date: 2010-06-02 09:33:28 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/tts/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21262] Preparing the 0.9.16.016 release
Revision: 21262 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21262 Author: Caeies Date: 2010-06-02 09:33:22 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/todo/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21259] Preparing the 0.9.16.016 release
Revision: 21259 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21259 Author: Caeies Date: 2010-06-02 09:32:41 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/skel/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21256] Preparing the 0.9.16.016 release
Revision: 21256 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21256 Author: Caeies Date: 2010-06-02 09:32:24 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/registration/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21244] Preparing the 0.9.16.016 release
Revision: 21244 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21244 Author: Caeies Date: 2010-06-02 09:30:49 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/messenger/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21265] Preparing the 0.9.16.016 release
Revision: 21265 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21265 Author: Caeies Date: 2010-06-02 09:33:55 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/xmlrpc/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21237] Preparing the 0.9.16.016 release
Revision: 21237 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21237 Author: Caeies Date: 2010-06-02 09:29:35 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/ftp/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21264] Preparing the 0.9.16.016 release
Revision: 21264 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21264 Author: Caeies Date: 2010-06-02 09:33:46 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/wiki/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21261] Preparing the 0.9.16.016 release
Revision: 21261 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21261 Author: Caeies Date: 2010-06-02 09:32:57 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/stocks/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21260] Preparing the 0.9.16.016 release
Revision: 21260 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21260 Author: Caeies Date: 2010-06-02 09:32:51 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/soap/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21258] Preparing the 0.9.16.016 release
Revision: 21258 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21258 Author: Caeies Date: 2010-06-02 09:32:36 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/sitemgr/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21257] Preparing the 0.9.16.016 release
Revision: 21257 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21257 Author: Caeies Date: 2010-06-02 09:32:30 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/setup/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21255] Preparing the 0.9.16.016 release
Revision: 21255 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21255 Author: Caeies Date: 2010-06-02 09:32:11 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/qmailldap/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21251] Preparing the 0.9.16.016 release
Revision: 21251 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21251 Author: Caeies Date: 2010-06-02 09:31:45 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/phpsysinfo/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21254] Preparing the 0.9.16.016 release
Revision: 21254 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21254 Author: Caeies Date: 2010-06-02 09:32:02 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/projects/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21245] Preparing the 0.9.16.016 release
Revision: 21245 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21245 Author: Caeies Date: 2010-06-02 09:30:59 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/news_admin/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21238] Preparing the 0.9.16.016 release
Revision: 21238 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21238 Author: Caeies Date: 2010-06-02 09:29:40 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/fudforum/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21253] Preparing the 0.9.16.016 release
Revision: 21253 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21253 Author: Caeies Date: 2010-06-02 09:31:56 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/preferences/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21252] Preparing the 0.9.16.016 release
Revision: 21252 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21252 Author: Caeies Date: 2010-06-02 09:31:51 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/polls/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21250] Preparing the 0.9.16.016 release
Revision: 21250 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21250 Author: Caeies Date: 2010-06-02 09:31:37 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/phpgwapi/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21249] Preparing the 0.9.16.016 release
Revision: 21249 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21249 Author: Caeies Date: 2010-06-02 09:31:31 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/phpbrain/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21248] Preparing the 0.9.16.016 release
Revision: 21248 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21248 Author: Caeies Date: 2010-06-02 09:31:21 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/phonelog/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21246] Preparing the 0.9.16.016 release
Revision: 21246 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21246 Author: Caeies Date: 2010-06-02 09:31:05 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/nntp/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21247] Preparing the 0.9.16.016 release
Revision: 21247 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21247 Author: Caeies Date: 2010-06-02 09:31:11 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/notes/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21243] Preparing the 0.9.16.016 release
Revision: 21243 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21243 Author: Caeies Date: 2010-06-02 09:30:36 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/manual/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21242] Preparing the 0.9.16.016 release
Revision: 21242 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21242 Author: Caeies Date: 2010-06-02 09:30:29 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/javassh/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21241] Preparing the 0.9.16.016 release
Revision: 21241 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21241 Author: Caeies Date: 2010-06-02 09:30:15 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/infolog/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21240] Preparing the 0.9.16.016 release
Revision: 21240 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21240 Author: Caeies Date: 2010-06-02 09:30:08 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/img/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21239] Preparing the 0.9.16.016 release
Revision: 21239 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21239 Author: Caeies Date: 2010-06-02 09:29:50 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/headlines/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21236] Preparing the 0.9.16.016 release
Revision: 21236 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21236 Author: Caeies Date: 2010-06-02 09:29:29 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/forum/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21235] Preparing the 0.9.16.016 release
Revision: 21235 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21235 Author: Caeies Date: 2010-06-02 09:29:24 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/folders/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21234] Preparing the 0.9.16.016 release
Revision: 21234 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21234 Author: Caeies Date: 2010-06-02 09:29:14 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/filemanager/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21233] Preparing the 0.9.16.016 release
Revision: 21233 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21233 Author: Caeies Date: 2010-06-02 09:29:07 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/felamimail/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21231] Preparing the 0.9.16.016 release
Revision: 21231 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21231 Author: Caeies Date: 2010-06-02 09:28:52 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/email/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21232] Preparing the 0.9.16.016 release
Revision: 21232 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21232 Author: Caeies Date: 2010-06-02 09:28:58 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/etemplate/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21230] Preparing the 0.9.16.016 release
Revision: 21230 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21230 Author: Caeies Date: 2010-06-02 09:28:47 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/eldaptir/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21229] Preparing the 0.9.16.016 release
Revision: 21229 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21229 Author: Caeies Date: 2010-06-02 09:28:38 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/dj/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21228] Preparing the 0.9.16.016 release
Revision: 21228 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21228 Author: Caeies Date: 2010-06-02 09:28:33 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/developer_tools/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21227] Preparing the 0.9.16.016 release
Revision: 21227 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21227 Author: Caeies Date: 2010-06-02 09:28:19 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/comic/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21226] Preparing the 0.9.16.016 release
Revision: 21226 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21226 Author: Caeies Date: 2010-06-02 09:28:13 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/chora/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21225] Preparing the 0.9.16.016 release
Revision: 21225 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21225 Author: Caeies Date: 2010-06-02 09:28:08 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/chat/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21224] Preparing the 0.9.16.016 release
Revision: 21224 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21224 Author: Caeies Date: 2010-06-02 09:27:57 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/calendar/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21223] Preparing the 0.9.16.016 release
Revision: 21223 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21223 Author: Caeies Date: 2010-06-02 09:27:52 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/bookmarks/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21222] Preparing the 0.9.16.016 release
Revision: 21222 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21222 Author: Caeies Date: 2010-06-02 09:27:32 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/admin/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21221] Preparing the 0.9.16.016 release
Revision: 21221 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21221 Author: Caeies Date: 2010-06-02 09:27:27 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- modules/addressbook/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21220] Preparing the 0.9.16.016 release
Revision: 21220 http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21220 Author: Caeies Date: 2010-06-02 09:26:42 + (Wed, 02 Jun 2010) Log Message: --- Preparing the 0.9.16.016 release Added Paths: --- core/tags/version_0_9_16-016/ ___ phpGroupWare-cvs mailing list phpGroupWare-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21219] Fixing CVE-2010-0404, update the CHANGELOG, prepare the already done 16.016 release
Revision: 21219
http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21219
Author: Caeies
Date: 2010-06-02 09:22:22 + (Wed, 02 Jun 2010)
Log Message:
---
Fixing CVE-2010-0404, update the CHANGELOG, prepare the already done 16.016
release
Modified Paths:
--
modules/admin/branches/branch_0_9_16/inc/class.boaccounts.inc.php
Modified: modules/admin/branches/branch_0_9_16/inc/class.boaccounts.inc.php
===
--- modules/admin/branches/branch_0_9_16/inc/class.boaccounts.inc.php
2010-06-02 09:21:59 UTC (rev 21218)
+++ modules/admin/branches/branch_0_9_16/inc/class.boaccounts.inc.php
2010-06-02 09:22:22 UTC (rev 21219)
@@ -715,7 +715,11 @@
$error[$totalerrors] = lang('You must enter a
loginid');
$totalerrors++;
}
-
+ if(!sanitize($_userData['account_lid'], 'alphanumeric'))
+ {
+ $error[$totalerrors] = lang('The login should
be alphanumeric only!');
+ $totalerrors++;
+ }
if ($_userData['old_loginid'] !=
$_userData['account_lid'])
{
if
($GLOBALS['phpgw']->accounts->exists($_userData['account_lid']))
___
phpGroupWare-cvs mailing list
phpGroupWare-cvs@gnu.org
http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21218] Fixing CVE-2010-0404, update the CHANGELOG, prepare the already done 16.016 release
Revision: 21218
http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21218
Author: Caeies
Date: 2010-06-02 09:21:59 + (Wed, 02 Jun 2010)
Log Message:
---
Fixing CVE-2010-0404, update the CHANGELOG, prepare the already done 16.016
release
Modified Paths:
--
modules/preferences/branches/branch_0_9_16/inc/class.uiaclprefs.inc.php
Modified:
modules/preferences/branches/branch_0_9_16/inc/class.uiaclprefs.inc.php
===
--- modules/preferences/branches/branch_0_9_16/inc/class.uiaclprefs.inc.php
2010-06-02 09:21:48 UTC (rev 21217)
+++ modules/preferences/branches/branch_0_9_16/inc/class.uiaclprefs.inc.php
2010-06-02 09:21:59 UTC (rev 21218)
@@ -25,7 +25,7 @@
function index()
{
- $acl_app=
get_var('acl_app',array('POST','GET'));
+ $acl_app=
reg_var('acl_app',array('POST','GET'), 'string', False, False);
$start = get_var('start',array('POST','GET'));
$query = get_var('query',array('POST','GET'));
$s_groups =
get_var('s_groups',array('POST','GET'));
___
phpGroupWare-cvs mailing list
phpGroupWare-cvs@gnu.org
http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21217] Fixing CVE-2010-0404, update the CHANGELOG, prepare the already done 16.016 release
Revision: 21217
http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21217
Author: Caeies
Date: 2010-06-02 09:21:48 + (Wed, 02 Jun 2010)
Log Message:
---
Fixing CVE-2010-0404, update the CHANGELOG, prepare the already done 16.016
release
Modified Paths:
--
modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG
modules/phpgwapi/branches/branch_0_9_16/inc/class.auth_sql.inc.php
modules/phpgwapi/branches/branch_0_9_16/inc/class.auth_sqlssl.inc.php
modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php
modules/phpgwapi/branches/branch_0_9_16/inc/class.sessions.inc.php
modules/phpgwapi/branches/branch_0_9_16/inc/class.sessions_db.inc.php
modules/phpgwapi/branches/branch_0_9_16/inc/class.translation_sql.inc.php
modules/phpgwapi/branches/branch_0_9_16/inc/common_functions.inc.php
modules/phpgwapi/branches/branch_0_9_16/inc/functions.inc.php
modules/phpgwapi/branches/branch_0_9_16/setup/setup.inc.php
Modified: modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG
===
--- modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG 2010-06-02
09:19:57 UTC (rev 21216)
+++ modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG 2010-06-02
09:21:48 UTC (rev 21217)
@@ -1,4 +1,8 @@
[0.9.16.016]
+ Security Fixes, Most Credits go to VUPEN Security for pointing them out
:
+ - CVE-2010-0403 Local file inclusion.
+ - CVE-2010-0404 Multiple SQL injection.
+
phpgwapi :
- fix the session not listed in case of using php4 session
(which is recommanded). Fixing #23386
- fix the Port for postgresql in case of not using the default
one.
Modified: modules/phpgwapi/branches/branch_0_9_16/inc/class.auth_sql.inc.php
===
--- modules/phpgwapi/branches/branch_0_9_16/inc/class.auth_sql.inc.php
2010-06-02 09:19:57 UTC (rev 21216)
+++ modules/phpgwapi/branches/branch_0_9_16/inc/class.auth_sql.inc.php
2010-06-02 09:21:48 UTC (rev 21217)
@@ -32,7 +32,7 @@
function authenticate($username, $passwd, $passwd_type)
{
$db = $GLOBALS['phpgw']->db;
-
+ $username = $db->db_addslashes($username);
if ($passwd_type == 'text')
{
$_passwd = md5($passwd);
Modified: modules/phpgwapi/branches/branch_0_9_16/inc/class.auth_sqlssl.inc.php
===
--- modules/phpgwapi/branches/branch_0_9_16/inc/class.auth_sqlssl.inc.php
2010-06-02 09:19:57 UTC (rev 21216)
+++ modules/phpgwapi/branches/branch_0_9_16/inc/class.auth_sqlssl.inc.php
2010-06-02 09:21:48 UTC (rev 21217)
@@ -24,7 +24,7 @@
function authenticate($username, $passwd)
{
$db = $GLOBALS['phpgw']->db;
-
+ $username = $db->db_addslashes($username);
$local_debug = False;
if($local_debug)
@@ -46,7 +46,7 @@
{
// use username only for authentication, ignore
X.509 subject in $passwd for now
$db->query('SELECT * FROM phpgw_accounts'
- . " WHERE account_lid = '" .
$db->db_addslashes($username) . "'"
+ . " WHERE account_lid = '$username'"
. "AND account_status
='A'",__LINE__,__FILE__);
$db->next_record();
}
Modified: modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php
===
--- modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php
2010-06-02 09:19:57 UTC (rev 21216)
+++ modules/phpgwapi/branches/branch_0_9_16/inc/class.crypto.inc.php
2010-06-02 09:21:48 UTC (rev 21217)
@@ -18,7 +18,7 @@
class crypto
{
var $enabled = False;
- var $debug = False;
+ var $debug = True;
var $mcrypt_version = '';
var $algo = MCRYPT_TRIPLEDES;
@@ -125,8 +125,13 @@
echo '' . time() . ' crypto->encrypt()
unencrypted data: ' . $data . "\n";
}
- if(is_array($data) || is_object($data))
+ //XXX CAEIES : always serialize datas to catch wrong
keys.
+ //if(is_array($data) || is_object($data))
+ if($data === False)
{
+ $data = 'BoolFalse';
+ }
+ {
if($this->debug
[Phpgroupware-cvs] [21216] Fixing CVE-2010-0404, update the CHANGELOG, prepare the already done 16.016 release
Revision: 21216
http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21216
Author: Caeies
Date: 2010-06-02 09:19:57 + (Wed, 02 Jun 2010)
Log Message:
---
Fixing CVE-2010-0404, update the CHANGELOG, prepare the already done 16.016
release
Modified Paths:
--
core/branches/branch_0_9_16/login.php
Modified: core/branches/branch_0_9_16/login.php
===
--- core/branches/branch_0_9_16/login.php 2010-06-02 09:15:48 UTC (rev
21215)
+++ core/branches/branch_0_9_16/login.php 2010-06-02 09:19:57 UTC (rev
21216)
@@ -120,6 +120,9 @@
return '' . lang('Your
session could not be verified.') . '';
break;
+ case 75:
+ return '' .
lang('Corrupted session data') . '';
+ break;
default:
return ' ';
}
___
phpGroupWare-cvs mailing list
phpGroupWare-cvs@gnu.org
http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
[Phpgroupware-cvs] [21215] Fixing CVE-2010-0403
Revision: 21215
http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21215
Author: Caeies
Date: 2010-06-02 09:15:48 + (Wed, 02 Jun 2010)
Log Message:
---
Fixing CVE-2010-0403
Modified Paths:
--
core/branches/branch_0_9_16/about.php
Modified: core/branches/branch_0_9_16/about.php
===
--- core/branches/branch_0_9_16/about.php 2010-05-05 14:05:10 UTC (rev
21214)
+++ core/branches/branch_0_9_16/about.php 2010-06-02 09:15:48 UTC (rev
21215)
@@ -16,7 +16,7 @@
include('header.inc.php');
$app = $_GET['app'];
- if ($app)
+ if ($app && isset($GLOBALS['phpgw_info']['apps'][$app]))
{
if (!($included =
$GLOBALS['phpgw']->hooks->single('about',$app)))
{
___
phpGroupWare-cvs mailing list
phpGroupWare-cvs@gnu.org
http://lists.gnu.org/mailman/listinfo/phpgroupware-cvs
