SF.net SVN: postfixadmin:[1650] branches/postfixadmin-2.3
From: <chr...@us...> - 2014-02-19 12:27:05
Revision: 1650 http://sourceforge.net/p/postfixadmin/code/1650 Author: christian_boltz Date: 2014-02-19 12:27:02 +0000 (Wed, 19 Feb 2014) Log Message: ----------- functions.inc.php: - fix SQL injection in show_gen_status() (backport of trunk r1639) - update version number to 2.3.7 (+ CHANGELOG.TXT update) Revision Links: -------------- http://sourceforge.net/p/postfixadmin/code/1639 Modified Paths: -------------- branches/postfixadmin-2.3/CHANGELOG.TXT branches/postfixadmin-2.3/functions.inc.php Modified: branches/postfixadmin-2.3/CHANGELOG.TXT =================================================================== --- branches/postfixadmin-2.3/CHANGELOG.TXT 2014-02-19 11:57:47 UTC (rev 1649) +++ branches/postfixadmin-2.3/CHANGELOG.TXT 2014-02-19 12:27:02 UTC (rev 1650) @@ -10,8 +10,9 @@ # Last update: # $Id$ -Changes since 2.3.6 release +Version 2.3.7 - 2014/02/__ - SVN r16__ (postfixadmin-2.3 branch) ---------------------------------------------------------------- + - SECURITY: fix SQL injection in show_gen_status() - lt.lang, da.lang translation update - when enabling/disabling a mailbox, also update the corresponding alias - fix creating superadmin in setup.php with MariaDB (more strict SQL) Modified: branches/postfixadmin-2.3/functions.inc.php =================================================================== --- branches/postfixadmin-2.3/functions.inc.php 2014-02-19 11:57:47 UTC (rev 1649) +++ branches/postfixadmin-2.3/functions.inc.php 2014-02-19 12:27:02 UTC (rev 1650) @@ -16,7 +16,7 @@ * Contains re-usable code. */ -$version = '2.3.6'; +$version = '2.3.7'; /** * check_session @@ -2175,6 +2175,8 @@ global $CONF, $table_alias; $stat_string = ""; + $show_alias = escape_string($show_alias); + $stat_goto = ""; $stat_result = db_query ("SELECT goto FROM $table_alias WHERE address='$show_alias'"); if ($stat_result['rows'] > 0) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
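Review bot: The new CHANGELOG.TXT heading "Version 2.3.7 - 2014/02/__ - SVN r16__" still carries placeholder date and revision fields, while the same commit already sets $version to '2.3.7' in functions.inc.php. Fill both in before the release is tagged so the security entry can be matched to an exact revision. The entry "SECURITY: fix SQL injection in show_gen_status()" would also be easier to track if it named the trunk revision it backports (r1639, per the log message).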
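Review bot: In the show_gen_status() hunk of functions.inc.php, the escaped value is written back into $show_alias itself, so any later use of that variable in the function (not visible in this hunk) for output or comparison would see the SQL-escaped form rather than the original address. Consider a separate variable for the query, for example "$sql_alias = escape_string($show_alias);", and use it only in "WHERE address='$sql_alias'". The fix also depends on the value staying inside the single quotes of that interpolated query string, so a short comment above the new line saying the escaping is for the db_query() call below would help keep the two together if the query is edited later.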