From: | "Peter Volkov (pva)" <pva@g.o> |
---|---|
To: | gentoo-commits@l.g.o |
Subject: | [gentoo-commits] gentoo-x86 commit in www-apps/mantisbt/files: mantisbt-1.0.8-avoid-XSS-in-file_api.php.patch digest-mantisbt-1.0.8-r1 |
Date: | Sun, 30 Dec 2007 19:17:42 |
Message-Id: | E1J93fF-00065L-GK@stork.gentoo.org |
1 | pva 07/12/30 19:17:37 |
2 | |
3 | Added: mantisbt-1.0.8-avoid-XSS-in-file_api.php.patch |
4 | digest-mantisbt-1.0.8-r1 |
5 | Log: |
6 | Fixes "Upload File" Script Insertion Vulnerability, bug 203791, reported by Pierre-Yves Rofes <py AT gentoo.org>. |
7 | (Portage version: 2.1.4_rc11) |
8 | |
9 | Revision Changes Path |
10 | 1.1 www-apps/mantisbt/files/mantisbt-1.0.8-avoid-XSS-in-file_api.php.patch |
11 | |
12 | file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-apps/mantisbt/files/mantisbt-1.0.8-avoid-XSS-in-file_api.php.patch?rev=1.1&view=markup |
13 | plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-apps/mantisbt/files/mantisbt-1.0.8-avoid-XSS-in-file_api.php.patch?rev=1.1&content-type=text/plain |
14 | |
15 | Index: mantisbt-1.0.8-avoid-XSS-in-file_api.php.patch |
16 | =================================================================== |
17 | Index: core/file_api.php |
18 | =================================================================== |
19 | --- core/file_api.php (リビジョン 4833) |
20 | +++ core/file_api.php (作業コピー) |
21 | @@ -163,7 +163,7 @@ |
22 | $row = $t_attachment_rows[$i]; |
23 | extract( $row, EXTR_PREFIX_ALL, 'v' ); |
24 | |
25 | - $t_file_display_name = file_get_display_name( $v_filename ); |
26 | + $t_file_display_name = string_html_specialchars( file_get_display_name( $v_filename ) ); |
27 | $t_filesize = number_format( $v_filesize ); |
28 | $t_date_added = date( config_get( 'normal_date_format' ), db_unixtimestamp( $v_date_added ) ); |
29 | |
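Review bot: On the changed line, the escaping is applied where $t_file_display_name is assigned rather than where it is written into the page, so every later use of the variable now receives HTML-encoded text. Check that none of those uses is a non-HTML context (for example a URL parameter, or a value passed through another escaping helper), where the name would end up double-encoded, and either escape at the output site or add a short comment on this line saying the variable is already HTML-safe. The extract( $row, EXTR_PREFIX_ALL, 'v' ) call above also brings the other attachment columns into scope, including the raw $v_filename; any code below this hunk that prints those directly needs the same string_html_specialchars() treatment, which cannot be confirmed from the lines shown here.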
30 | |
31 | |
32 | |
33 | 1.1 www-apps/mantisbt/files/digest-mantisbt-1.0.8-r1 |
34 | |
35 | file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-apps/mantisbt/files/digest-mantisbt-1.0.8-r1?rev=1.1&view=markup |
36 | plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-apps/mantisbt/files/digest-mantisbt-1.0.8-r1?rev=1.1&content-type=text/plain |
37 | |
38 | Index: digest-mantisbt-1.0.8-r1 |
39 | =================================================================== |
40 | MD5 fab90748346fe9a8276a71f59c1a245a mantis-1.0.8.tar.gz 1549854 |
41 | RMD160 02e349a05d8d5c190d943ee4dc430a6adaffe1a0 mantis-1.0.8.tar.gz 1549854 |
42 | SHA256 c22a3ad2f532addc70f8f266c83a360dfea685de79ebf713801b3f4fb556b501 mantis-1.0.8.tar.gz 1549854 |
43 | |
44 | |
45 | |
46 | -- |
47 | gentoo-commits@g.o mailing list |