From: <gi...@us...> - 2008-10-17 15:11:32
Revision: 5680 http://mantisbt.svn.sourceforge.net/mantisbt/?rev=5680&view=rev Author: giallu Date: 2008-10-17 15:11:22 +0000 (Fri, 17 Oct 2008) Log Message: ----------- Fix 9704: (manage_proj_page.php) Remote Code Execution Exploit Modified Paths: -------------- trunk/mantisbt/core/utility_api.php Modified: trunk/mantisbt/core/utility_api.php ===================================================================
--- trunk/mantisbt/core/utility_api.php 2008-10-17 15:10:53 UTC (rev 5679)
+++ trunk/mantisbt/core/utility_api.php 2008-10-17 15:11:22 UTC (rev 5680)
@@ -151,8 +151,11 @@
 $t_factor = 1;
 }
- $t_function = create_function( '$a, $b', "return $t_factor * strnatcasecmp( \$a['$p_key'], \$b['$p_key'] );" );
- uasort( $p_array, $t_function );
+ // Security measure: see http://www.mantisbt.org/bugs/view.php?id=9704 for details
+ if ( array_key_exist( $p_array, $p_key ) ) {
+ $t_function = create_function( '$a, $b', "return $t_factor * strnatcasecmp( \$a['$p_key'], \$b['$p_key'] );" );
+ uasort( $p_array, $t_function );
+ }
 return $p_array;
 }
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
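Review bot: `array_key_exist` in the added guard is not a PHP function — the builtin is `array_key_exists`, and it takes the key first — so as committed the new branch raises a fatal undefined-function error instead of sorting; the request dies before the generated comparator is built, which incidentally blocks the input from report 9704, but every call that reaches this line now fails. The guard also checks the wrong level: the comparator indexes the elements (`$a['$p_key']`), while `$p_array` itself is the list being sorted, so the key should be looked up in an element, e.g. `if ( !empty( $p_array ) && array_key_exists( $p_key, current( $p_array ) ) ) {`. With the guard corrected, `$p_key` is confined to keys that actually exist in the data, which closes the reported injection path; a comment stating that invariant next to the `create_function` call, or — once the project can require a PHP version with closures — a comparator that receives `$p_key` and `$t_factor` via `use` rather than string interpolation, would remove the string-to-code step that made the key dangerous in the first place. The enclosing function begins outside the hunk.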