SF.net SVN: postfixadmin:[1185] branches/postfixadmin-2.3
From: <chr...@us...> - 2011-09-22 22:29:30
Revision: 1185 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1185&view=rev Author: christian_boltz Date: 2011-09-22 22:29:24 +0000 (Thu, 22 Sep 2011) Log Message: ----------- functions.inc.php / create_admin(): - fix SQL injection (only exploitable by superadmins) Reported by Matthias Bethke (msbethke@SF), https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3412484&group_id=191583 (+ changelog update for this and the previous commit) Modified Paths: -------------- branches/postfixadmin-2.3/CHANGELOG.TXT branches/postfixadmin-2.3/functions.inc.php Modified: branches/postfixadmin-2.3/CHANGELOG.TXT =================================================================== --- branches/postfixadmin-2.3/CHANGELOG.TXT 2011-09-22 22:01:52 UTC (rev 1184) +++ branches/postfixadmin-2.3/CHANGELOG.TXT 2011-09-22 22:29:24 UTC (rev 1185) @@ -10,6 +10,12 @@ # Last update: # $Id$ +SVN changes since 2.3.4 release (postfixadmin-2.3 branch) +---------------------------------------------------------------- + + - create-domain: fix SQL injection (only exploitable by superadmins) + - add missing $LANG['pAdminDelete_admin_error'] + Version 2.3.4 - 2011/09/16 - SVN r1180 (postfixadmin-2.3 branch) ---------------------------------------------------------------- Modified: branches/postfixadmin-2.3/functions.inc.php =================================================================== --- branches/postfixadmin-2.3/functions.inc.php 2011-09-22 22:01:52 UTC (rev 1184) +++ branches/postfixadmin-2.3/functions.inc.php 2011-09-22 22:29:24 UTC (rev 1185) @@ -2349,7 +2349,7 @@ { for ($i = 0; $i < sizeof ($fDomains); $i++) { - $domain = $fDomains[$i]; + $domain = escape_string($fDomains[$i]); $result = db_query ("INSERT INTO " . table_by_key ('domain_admins') . " (username,domain,created) VALUES ('$fUsername','$domain',NOW())"); } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
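Review bot: The new CHANGELOG.TXT entry names "create-domain" as the location of the SQL injection fix, but the log message and the functions.inc.php hunk in this same revision place the fix in create_admin(). If this entry is meant to describe this commit, it should name create_admin() (or the admin-creation page that calls it) so that people reading the changelog can tell which code path was affected and whether they need the update. If it instead describes the previous commit, then this revision's own fix has no changelog line and one should be added.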
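Review bot: In the functions.inc.php hunk, the INSERT still interpolates '$fUsername' into the same VALUES list as '$domain', and only $domain gains escape_string() here. The hunk does not show where $fUsername comes from, so please confirm it is escaped earlier in create_admin(); if it is not, this statement remains injectable through the username field. It would also help to add a short comment beside the escape_string() call stating that $fDomains arrives unescaped from the caller, since that contract is what made the bug possible. Separately, $result is overwritten on every loop iteration and is not checked in the visible lines, so a failed insert for one domain would pass silently.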