[geeklog-jp commit] r1529 - Merged the revisions related to the geeklog 1.5.2sr4 merge.

2009-04-19 (Sun) 00:59:03 JST


Author: tacahi
Date: Sat Apr 18 08:52:23 2009
New Revision: 1529

Modified:
    branches/geeklog-new-tree/CHANGES.jp
    branches/geeklog-new-tree/extended/CHANGES.jp
    branches/geeklog-new-tree/extended/release_jp.php
    branches/geeklog-new-tree/public_html/admin/install/index.php
    branches/geeklog-new-tree/public_html/docs/changed-files
    branches/geeklog-new-tree/public_html/docs/changes.html
    branches/geeklog-new-tree/public_html/docs/history
    branches/geeklog-new-tree/public_html/siteconfig.php
    branches/geeklog-new-tree/public_html/usersettings.php
    branches/geeklog-new-tree/release_jp.php

Log:
Merged the revisions related to the geeklog 1.5.2sr4 merge.


Modified: branches/geeklog-new-tree/CHANGES.jp
==============================================================================
--- branches/geeklog-new-tree/CHANGES.jp	(original)
+++ branches/geeklog-new-tree/CHANGES.jp	Sat Apr 18 08:52:23 2009
@@ -1,5 +1,12 @@
  $Id$

+2009-04-18  Takahiro Kambe  <tacahi>
+
+	* public_html/docs/changes.html: 1.5.2sr4の変更(追加部分)を翻訳し
+	  ました。
+
+	* geeklog-1.5.2sr4をマージしました。
+
  2009-04-16  Takahiro Kambe  <tacahi>

  	* geeklog-1.5.2sr3-jp-1.0をリリースします。
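
Review bot: the new 2009-04-18 entry at the top of this hunk records only "merged geeklog-1.5.2sr4" and the changes.html translation, but this merge exists to pick up a security fix (the SQL injection in usersettings.php described in the docs/changes.html and docs/history hunks of this same commit). The entry should say so, e.g. by mentioning the usersettings.php SQL injection fix, so that readers of CHANGES.jp can tell the upgrade is security-relevant rather than routine.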

Modified: branches/geeklog-new-tree/extended/CHANGES.jp
==============================================================================
--- branches/geeklog-new-tree/extended/CHANGES.jp	(original)
+++ branches/geeklog-new-tree/extended/CHANGES.jp	Sat Apr 18 08:52:23 2009
@@ -1,5 +1,12 @@
  $Id$

+2009-04-18  Takahiro Kambe  <tacahi>
+
+	* public_html/docs/changes.html: 1.5.2sr4の変更(追加部分)を翻訳し
+	  ました。
+
+	* geeklog-1.5.2sr4をマージしました。
+
  2009-04-18  Masuko Koeda  <milk851>

  	* 掲示板のアイコンを新しいものに変更しました。

Modified: branches/geeklog-new-tree/extended/release_jp.php
==============================================================================
--- branches/geeklog-new-tree/extended/release_jp.php	(original)
+++ branches/geeklog-new-tree/extended/release_jp.php	Sat Apr 18 08:52:23  
2009
@@ -1,4 +1,4 @@
  <?php
-  $release_no = "1.0.99";
+  $release_no = "0.0.99";
    $release_date = "$Date$";
  ?>
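
Review bot: `$release_no` goes down from "1.0.99" to "0.0.99", which looks like an unintended regression rather than a bump. The CHANGES.jp hunk in this same commit shows geeklog-1.5.2sr3-jp-1.0 released on 2009-04-16, so a development number below 1.0 sorts before the version already shipped and will confuse any version comparison. If this is meant as the pre-release number for the next jp release it should be above 1.0; please confirm the intent or explain it in the log message.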

Modified: branches/geeklog-new-tree/public_html/admin/install/index.php
==============================================================================
--- branches/geeklog-new-tree/public_html/admin/install/index.php	(original)
+++ branches/geeklog-new-tree/public_html/admin/install/index.php	Sat Apr  
18 08:52:23 2009
@@ -48,7 +48,7 @@
      define("LB", "\n");
  }
  if (!defined('VERSION')) {
-    define('VERSION', '1.5.2sr3');
+    define('VERSION', '1.5.2sr4');
  }
  if (!defined('XHTML')) {
      define('XHTML', ' /');

Modified: branches/geeklog-new-tree/public_html/docs/changed-files
==============================================================================
--- branches/geeklog-new-tree/public_html/docs/changed-files	(original)
+++ branches/geeklog-new-tree/public_html/docs/changed-files	Sat Apr 18  
08:52:23 2009
@@ -1,6 +1,6 @@
-geeklog-1.5.2sr3/public_html/admin/install/index.php
-geeklog-1.5.2sr3/public_html/docs/changed-files
-geeklog-1.5.2sr3/public_html/docs/changes.html
-geeklog-1.5.2sr3/public_html/docs/history
-geeklog-1.5.2sr3/public_html/siteconfig.php
-geeklog-1.5.2sr3/system/lib-webservices.php
+geeklog-1.5.2sr4/public_html/admin/install/index.php
+geeklog-1.5.2sr4/public_html/docs/changed-files
+geeklog-1.5.2sr4/public_html/docs/changes.html
+geeklog-1.5.2sr4/public_html/docs/history
+geeklog-1.5.2sr4/public_html/siteconfig.php
+geeklog-1.5.2sr4/public_html/usersettings.php

Modified: branches/geeklog-new-tree/public_html/docs/changes.html
==============================================================================
--- branches/geeklog-new-tree/public_html/docs/changes.html	(original)
+++ branches/geeklog-new-tree/public_html/docs/changes.html	Sat Apr 18  
08:52:23 2009
@@ -16,6 +16,10 @@
  <p>このドキュメントでは最も重要な変更点や目につく変更点を簡潔に説明していま 
す。変更点の詳細なリストは、
  <a href="history">ChangeLog</a>をご覧ください。 
<tt>docs/changed-files</tt>には、前回リリース以来変更されたファイルの一覧が 
あります。</p>

+<h2><a name="changes152sr4">Geeklog 1.5.2sr4</a></h2>
+
+<p>Nine Situations グループの Bookoo が usersettings.php の古いバグを対象と 
する、さらに別のSQLインジェクションの脆弱性を報告しました。前回の問題のよう 
に、攻撃者は任意のアカウントのパスワードのハッシュ値を取得できる恐れがありま 
したが、このリリースで問題は修正されました。</p>
+

  <h2><a name="changes152sr3">Geeklog 1.5.2sr3</a></h2>
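
Review bot: the Japanese text in the new paragraph says Bookoo "reported" (報告しました) a vulnerability, whereas the English source in the docs/history hunk of this commit says an SQL injection exploit was "posted". The translation should keep that nuance (e.g. 公開しました for the exploit) so Japanese readers understand that working exploit details were already public at release time, which is the reason the upgrade is urgent.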


Modified: branches/geeklog-new-tree/public_html/docs/history
==============================================================================
--- branches/geeklog-new-tree/public_html/docs/history	(original)
+++ branches/geeklog-new-tree/public_html/docs/history	Sat Apr 18 08:52:23  
2009
@@ -1,5 +1,16 @@
  Geeklog History/Changes:

+Apr 18, 2009 (1.5.2sr4)
+------------
+
+This release addresses the following security issue:
+
+Bookoo of the Nine Situations Group posted another SQL injection exploit,
+targetting an old bug in usersettings.php. As with the previous issues,  
this
+allowed an attacker to extract the password hash for any account and is  
fixed
+with this release.
+
+
  Apr 13, 2009 (1.5.2sr3)
  ------------


Modified: branches/geeklog-new-tree/public_html/siteconfig.php
==============================================================================
--- branches/geeklog-new-tree/public_html/siteconfig.php	(original)
+++ branches/geeklog-new-tree/public_html/siteconfig.php	Sat Apr 18  
08:52:23 2009
@@ -38,7 +38,7 @@
    define('LB',"\n");
  }
  if (!defined('VERSION')) {
-  define('VERSION', '1.5.2sr3');
+  define('VERSION', '1.5.2sr4');
  }

  ?>

Modified: branches/geeklog-new-tree/public_html/usersettings.php
==============================================================================
--- branches/geeklog-new-tree/public_html/usersettings.php	(original)
+++ branches/geeklog-new-tree/public_html/usersettings.php	Sat Apr 18  
08:52:23 2009
@@ -1345,23 +1345,33 @@
          }
      }

-    $TIDS  = @array_values($A[$_TABLES['topics']]);
-    $AIDS  = @array_values($A['selauthors']);
-    $BOXES = @array_values($A["{$_TABLES['blocks']}"]);
-    $ETIDS = @array_values($A['etids']);
+    $TIDS  = @array_values($A[$_TABLES['topics']]);     // array of strings
+    $AIDS  = @array_values($A['selauthors']);           // array of  
integers
+    $BOXES = @array_values($A["{$_TABLES['blocks']}"]); // array of  
integers
+    $ETIDS = @array_values($A['etids']);                // array of strings
+    $AETIDS = USER_getAllowedTopics();                  // array of  
strings (fetched, needed to "clean" $TIDS and $ETIDS)

      $tids = '';
      if (sizeof ($TIDS) > 0) {
-        $tids = addslashes (implode (' ', $TIDS));
+        // the array_intersect mitigates the need to scrub the TIDS input
+        $tids = addslashes (implode (' ', array_intersect ($AETIDS,  
$TIDS)));
      }

      $aids = '';
      if (sizeof ($AIDS) > 0) {
+        // Scrub the AIDS array to prevent SQL injection and bad values
+        foreach ($AIDS as $key => $val) {
+            $AIDS[$key] = COM_applyFilter($val, true);
+        }
          $aids = addslashes (implode (' ', $AIDS));
      }

      $selectedblocks = '';
      if (count ($BOXES) > 0) {
+        // Scrub the BOXES array to prevent SQL injection and bad values
+        foreach ($BOXES as $key => $val) {
+            $BOXES[$key] = COM_applyFilter($val, true);
+        }
          $boxes = addslashes (implode (',', $BOXES));

          $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']}  
WHERE bid NOT IN ($boxes)");
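
Review bot: `$boxes` is still interpolated directly into `WHERE bid NOT IN ($boxes)`, so the injection fix for this query rests entirely on `COM_applyFilter($val, true)` reducing every `$BOXES` entry to an integer; the `addslashes()` that follows adds nothing for numeric values and should not be mistaken for the protection. Please confirm that the numeric mode of `COM_applyFilter` always returns an integer and never an empty string, otherwise a submission whose entries all fail the filter would `implode()` into an empty or malformed list and break the query with `NOT IN ()`; the same applies to `$aids`, which is built from the filtered `$AIDS` in the same way. The `array_intersect($AETIDS, $TIDS)` whitelist used for the topic ids is the cleaner pattern, since only values the server itself returned from `USER_getAllowedTopics()` can reach the query, and the comment "// array of strings (fetched, needed to "clean" $TIDS and $ETIDS)" should be kept so the dependency between the two blocks stays visible.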
@@ -1379,7 +1389,7 @@

      $etids = '';
      if (sizeof ($ETIDS) > 0) {
-        $AETIDS = USER_getAllowedTopics();
+        // the array_intersect mitigates the need to scrub the ETIDS input
          $etids = addslashes (implode (' ', array_intersect ($AETIDS,  
$ETIDS)));
      }
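
Review bot: because `$AETIDS` is now assigned unconditionally at the top of the function (first hunk), `USER_getAllowedTopics()` runs on every settings save even when both `$TIDS` and `$ETIDS` are empty; dropping the local call here is correct, and the extra fetch is an acceptable cost for having a single whitelist that both blocks share, but if that lookup is expensive consider fetching it lazily when either array is non-empty. `array_intersect` compares values by their string form, so the whitelist is exact and no further scrubbing of `$ETIDS` is needed, as the new comment states; the remaining `addslashes()` is only there because topic ids are strings.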


Modified: branches/geeklog-new-tree/release_jp.php
==============================================================================
--- branches/geeklog-new-tree/release_jp.php	(original)
+++ branches/geeklog-new-tree/release_jp.php	Sat Apr 18 08:52:23 2009
@@ -1,4 +1,4 @@
  <?php
-  $release_no = "1.0.99";
+  $release_no = "0.0.99";
    $release_date = "$Date$";
  ?>
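
Review bot: as with extended/release_jp.php in this same commit, `$release_no` drops from "1.0.99" to "0.0.99" here, which sorts below the geeklog-1.5.2sr3-jp-1.0 release recorded in CHANGES.jp on 2009-04-16; please confirm that a number below 1.0 is really intended for the next development version of this tree.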



