SF.net SVN: postfixadmin:[860] branches/postfixadmin-2.3
From: <chr...@us...> - 2010-08-23 22:06:49
Revision: 860 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=860&view=rev Author: christian_boltz Date: 2010-08-23 22:06:43 +0000 (Mon, 23 Aug 2010) Log Message: ----------- list-domain.php: - fix sql injection in list-domain (only exploitable by superadmins) found by sezjan, http://sourceforge.net/projects/postfixadmin/forums/forum/676076/topic/3822301 This is a reason to re-create the 2.3.2 release, therefore... CHANGELOG.TXT: - change SVN release number for 2.3.2 Modified Paths: -------------- branches/postfixadmin-2.3/CHANGELOG.TXT branches/postfixadmin-2.3/list-domain.php Modified: branches/postfixadmin-2.3/CHANGELOG.TXT =================================================================== --- branches/postfixadmin-2.3/CHANGELOG.TXT 2010-08-23 10:25:17 UTC (rev 859) +++ branches/postfixadmin-2.3/CHANGELOG.TXT 2010-08-23 22:06:43 UTC (rev 860) @@ -10,12 +10,13 @@ # Last update: # $Id$ -Version 2.3.2 - 2010/08/23 - SVN r858 (postfixadmin-2.3 branch) +Version 2.3.2 - 2010/08/24 - SVN r860 (postfixadmin-2.3 branch) --------------------------------------------------------------- - SUMMARY: PostfixAdmin 2.3.2 is a bugfix-only release for Postfix Admin 2.3.1 - SECURITY: attackers could find out if a admin exists (login pre-filled the username after "only" a wrong password was entered) + - SECURITY: fix sql injection in list-domain (only exploitable by superadmins) - alias targets in users/edit-alias are now validated - invalid alias targets in users/edit-alias are shown to the user again instead of dropping them Modified: branches/postfixadmin-2.3/list-domain.php =================================================================== --- branches/postfixadmin-2.3/list-domain.php 2010-08-23 10:25:17 UTC (rev 859) +++ branches/postfixadmin-2.3/list-domain.php 2010-08-23 22:06:43 UTC (rev 860) 
@@ -32,7 +32,7 @@ if (authentication_has_role('global-admin')) { $list_admins = list_admins (); $is_superadmin = 1; - $fUsername = safepost('fUsername', safeget('username')); # prefer POST over GET variable + $fUsername = escape_string(safepost('fUsername', safeget('username'))); # prefer POST over GET variable if ($fUsername != "") $admin_properties = get_admin_properties($fUsername); } else { $list_admins = array(authentication_get_username()); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
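Review bot: in the list-domain.php hunk, escape_string() is applied at the point where $fUsername is read from the request rather than at the SQL boundary, so the escaped value is also what the following `if ($fUsername != "")` test sees and what get_admin_properties($fUsername) receives for anything it does with the username besides building the query. Escaping inside get_admin_properties() (or using a parameterised query there) would keep the raw value for non-SQL uses and would also protect any other caller of that function that passes an unescaped name; if the escape is kept here, a comment on the line saying the value is now SQL-escaped would stop a later change from escaping it a second time. One positive note: wrapping the whole `safepost('fUsername', safeget('username'))` expression means the GET fallback is covered as well as the POST value.

Review bot: in the CHANGELOG.TXT hunk, the new SECURITY entry states the issue and the superadmin-only scope but, unlike the commit message, does not mention the reporter or the forum thread; adding "reported by sezjan" and the sourceforge.net forum URL from the log message would let users of the release trace the advisory to its source.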