From: <tr...@us...> - 2013-02-04 19:37:52
Revision: 10981 http://sourceforge.net/p/xoops/svn/10981 Author: trabis Date: 2013-02-04 19:37:48 +0000 (Mon, 04 Feb 2013) Log Message: ----------- Fixing some security issues and adding some static methods for php 5.4 compliance Modified Paths: -------------- XoopsCore/branches/2.5.x/2.5.6/docs/changelog.250.txt XoopsCore/branches/2.5.x/2.5.6/htdocs/class/database/databasefactory.php XoopsCore/branches/2.5.x/2.5.6/htdocs/class/xoopsform/grouppermform.php XoopsCore/branches/2.5.x/2.5.6/htdocs/class/xoopslists.php XoopsCore/branches/2.5.x/2.5.6/htdocs/modules/system/admin/groupperm.php XoopsCore/branches/2.5.x/2.5.6/htdocs/modules/system/admin/modulesadmin/main.php XoopsCore/branches/2.5.x/2.5.6/htdocs/modules/system/templates/admin/system_modules.html Modified: XoopsCore/branches/2.5.x/2.5.6/docs/changelog.250.txt =================================================================== --- XoopsCore/branches/2.5.x/2.5.6/docs/changelog.250.txt 2013-02-04 14:59:21 UTC (rev 10980) +++ XoopsCore/branches/2.5.x/2.5.6/docs/changelog.250.txt 2013-02-04 19:37:48 UTC (rev 10981) @@ -7,7 +7,10 @@ - Array to string conversion (geekwright/mamba) - issues with missing xoopscomments table (geekwright/sabahan/Mamba) - bug with using reference for non-variables (geekwright/mamba) - - number of users when "all groups" selected was wrong (tatane/mamba) + - number of users when "all groups" selected was wrong (tatane/mamba) +Security fixes + - XSS/CSRF vulnerability in system/admin/groupperm.php (Dingjie Yang,Qualys/trabis) + - XSS/CSRF vulnerability in system/admin.php (Dingjie Yang,Qualys/trabis) =============================== 2013/01/22: Version 2.5.6 Beta @@ -18,7 +21,7 @@ Bugfixes: - errors related to static functions, so it works on PHP 5.4 (Mamba) - bug #1245 in class XoopsLoad.php (Alain91) - + Updated: - TinyMCE to 3.5.8 (mamba) - Smarty to 2.6.27 (mamba) 
@@ -33,10 +36,10 @@ Bugfixes: - preventing division by zero in pagenav.php (timgno) - ID: 3466534 tooltip "$ not defined" fix (culex) - - ID: 3513787 wrong cookie_domain (arion92fr) + - ID: 3513787 wrong cookie_domain (arion92fr) - ID: 3518291 Fix of variables assigned by reference in formelementtray (mamba) - problem in formtextdateselect (wishcraft) - + Updated: - phpThumb to 1.7.11 (mamba) - jGrowl to 1.2.6 (mowaffaq/mamba) @@ -53,8 +56,8 @@ - ID: 3511204 TinyEditor only loading in the 'Scoop' part of the News module (peekay/XavierS) - ID: 3511205 Bug in fresh install in page_configsave.php (XavierS) -Improved: - - replacing "msnbot" with "bingbot" in Protector (mamba) +Improved: + - replacing "msnbot" with "bingbot" in Protector (mamba) Updated: - HTML Purifier to 4.4.0 (mamba) Modified: XoopsCore/branches/2.5.x/2.5.6/htdocs/class/database/databasefactory.php =================================================================== --- XoopsCore/branches/2.5.x/2.5.6/htdocs/class/database/databasefactory.php 2013-02-04 14:59:21 UTC (rev 10980) +++ XoopsCore/branches/2.5.x/2.5.6/htdocs/class/database/databasefactory.php 2013-02-04 19:37:48 UTC (rev 10981) @@ -43,7 +43,7 @@ * @staticvar object The only instance of database class * @return object Reference to the only instance of database class */ - function &getDatabaseConnection() + static function &getDatabaseConnection() { static $instance; if (!isset($instance)) { Modified: XoopsCore/branches/2.5.x/2.5.6/htdocs/class/xoopsform/grouppermform.php =================================================================== --- XoopsCore/branches/2.5.x/2.5.6/htdocs/class/xoopsform/grouppermform.php 2013-02-04 14:59:21 UTC (rev 10980) +++ XoopsCore/branches/2.5.x/2.5.6/htdocs/class/xoopsform/grouppermform.php 2013-02-04 19:37:48 UTC (rev 10981) 
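Review bot: `static function &getDatabaseConnection()` adds `static` but still omits an explicit visibility, so the method is only implicitly public; `public static function &getDatabaseConnection()` states the intent and matches the PSR style the surrounding `@staticvar`/`@return` docblock suggests. The same omission is repeated on every `static function` line in the xoopslists.php hunks below (`getTimeZoneList` through `getUserRankList`), so it is worth fixing in one pass. The method body continues outside the hunk.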
@@ -72,6 +72,7 @@
 $this->_permName = $permname;
 $this->_permDesc = $permdesc;
 $this->addElement(new XoopsFormHidden('modid', $this->_modid));
+ $this->addElement(new XoopsFormHiddenToken($permname));
 if ($url != "") {
 $this->addElement(new XoopsFormHidden('redirect_url', $url));
 }
Modified: XoopsCore/branches/2.5.x/2.5.6/htdocs/class/xoopslists.php
===================================================================
--- XoopsCore/branches/2.5.x/2.5.6/htdocs/class/xoopslists.php 2013-02-04 14:59:21 UTC (rev 10980)
+++ XoopsCore/branches/2.5.x/2.5.6/htdocs/class/xoopslists.php 2013-02-04 19:37:48 UTC (rev 10981)
@@ -33,7 +33,7 @@
 */
 class XoopsLists
 {
- function getTimeZoneList()
+ static function getTimeZoneList()
 {
 xoops_loadLanguage('timezone');
@@ -75,7 +75,7 @@
 /**
 * gets list of themes folder from themes directory
 */
- function getThemesList()
+ static function getThemesList()
 {
 return XoopsLists::getDirListAsArray(XOOPS_THEME_PATH . '/');
 }
@@ -83,7 +83,7 @@
 /**
 * gets a list of module folders from the modules directory
 */
- function getModulesList()
+ static function getModulesList()
 {
 return XoopsLists::getDirListAsArray(XOOPS_ROOT_PATH . '/modules/');
 }
@@ -91,7 +91,7 @@
 /**
 * gets list of editors folder from xoopseditor directory
 */
- function getEditorList()
+ static function getEditorList()
 {
 return XoopsLists::getDirListAsArray(XOOPS_ROOT_PATH . '/class/xoopseditor/');
 }
@@ -99,7 +99,7 @@
 /**
 * gets list of name of directories inside a directory
 */
- function getDirListAsArray($dirname)
+ static function getDirListAsArray($dirname)
 {
 $ignored = array(
 'cvs' ,
@@ -149,7 +149,7 @@
 /**
 * gets list of image file names in a directory
 */
- function getImgListAsArray($dirname, $prefix = '')
+ static function getImgListAsArray($dirname, $prefix = '')
 {
 $filelist = array();
 if ($handle = opendir($dirname)) {
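Review bot: The new `XoopsFormHiddenToken($permname)` element is the form half of the CSRF fix, but nothing on the line records that the handler must validate a token of the same name, which is easy to break when a module reuses this form. A comment on the added line, `// per-permission token; the handler must call $xoopsSecurity->check(true, false, $permname)`, would tie the two halves together. If `$permname` can ever be empty the token would be registered under an empty name; whether XoopsFormHiddenToken tolerates that is not visible here. The constructor continues outside the hunk.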
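Review bot: Now that these methods are static, the internal calls in `getThemesList`, `getModulesList` and `getEditorList` still go through `XoopsLists::getDirListAsArray(...)`; `return self::getDirListAsArray(XOOPS_THEME_PATH . '/');` (and the same in the other two) keeps the class self-contained and survives a rename, and the `getLangList` hunk further down has the same pattern. `getDirListAsArray` and `getImgListAsArray` hand `$dirname` straight to `opendir()`; every caller visible in this diff passes a `XOOPS_*` constant, which is fine as long as no caller forwards a request-derived path. A `@param string $dirname absolute directory path; must not be user-supplied` line in each docblock would make that contract explicit. The method bodies continue outside the hunks.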
@@ -169,7 +169,7 @@
 /**
 * gets list of html file names in a certain directory
 */
- function getHtmlListAsArray($dirname, $prefix = '')
+ static function getHtmlListAsArray($dirname, $prefix = '')
 {
 $filelist = array();
 if ($handle = opendir($dirname)) {
@@ -190,7 +190,7 @@
 * gets list of avatar file names in a certain directory
 * if directory is not specified, default directory will be searched
 */
- function getAvatarsList($avatar_dir = '')
+ static function getAvatarsList($avatar_dir = '')
 {
 $avatars = array();
 if ($avatar_dir != '') {
@@ -204,7 +204,7 @@
 /**
 * gets list of all avatar image files inside default avatars directory
 */
- function getAllAvatarsList()
+ static function getAllAvatarsList()
 {
 $avatars = array();
 $dirlist = array();
@@ -223,7 +223,7 @@
 * gets list of subject icon image file names in a certain directory
 * if directory is not specified, default directory will be searched
 */
- function getSubjectsList($sub_dir = '')
+ static function getSubjectsList($sub_dir = '')
 {
 $subjects = array();
 if ($sub_dir != '') {
@@ -237,7 +237,7 @@
 /**
 * gets list of language folders inside default language directory
 */
- function getLangList()
+ static function getLangList()
 {
 $lang_list = array();
 $lang_list = XoopsLists::getDirListAsArray(XOOPS_ROOT_PATH . '/language/');
@@ -247,9 +247,9 @@
 /**
 * XoopsLists::getCountryList()
 *
- * @return
+ * @return array
 */
- function getCountryList()
+ static function getCountryList()
 {
 xoops_loadLanguage('countries');
 $country_list = array (
@@ -518,9 +518,9 @@
 *
 * This Function is no longer being used by the core
 *
- * @return
+ * @return array
 */
- function getHtmlList()
+ static function getHtmlList()
 {
 $html_list = array(
 'a' => '<a>',
@@ -589,9 +589,9 @@ /** * XoopsLists::getUserRankList() * - * @return + * @return array */ - function getUserRankList() + static function getUserRankList() { $db =& XoopsDatabaseFactory::getDatabaseConnection(); $myts =& MyTextSanitizer::getInstance(); Modified: XoopsCore/branches/2.5.x/2.5.6/htdocs/modules/system/admin/groupperm.php =================================================================== --- XoopsCore/branches/2.5.x/2.5.6/htdocs/modules/system/admin/groupperm.php 2013-02-04 14:59:21 UTC (rev 10980) +++ XoopsCore/branches/2.5.x/2.5.6/htdocs/modules/system/admin/groupperm.php 2013-02-04 19:37:48 UTC (rev 10981) @@ -20,10 +20,11 @@ $member_handler =& xoops_gethandler('member'); $group_list = $member_handler->getGroupList(); + if (is_array($_POST['perms']) && !empty($_POST['perms'])) { $gperm_handler = xoops_gethandler('groupperm'); foreach ($_POST['perms'] as $perm_name => $perm_data) { - if (false != $gperm_handler->deleteByModule($modid, $perm_name)) { + if ($GLOBALS['xoopsSecurity']->check(true, false, $perm_name) && false != $gperm_handler->deleteByModule($modid, $perm_name)) { foreach ($perm_data['groups'] as $group_id => $item_ids) { foreach ($item_ids as $item_id => $selected) { if ($selected == 1) { Modified: XoopsCore/branches/2.5.x/2.5.6/htdocs/modules/system/admin/modulesadmin/main.php =================================================================== --- XoopsCore/branches/2.5.x/2.5.6/htdocs/modules/system/admin/modulesadmin/main.php 2013-02-04 14:59:21 UTC (rev 10980) +++ XoopsCore/branches/2.5.x/2.5.6/htdocs/modules/system/admin/modulesadmin/main.php 2013-02-04 19:37:48 UTC (rev 10981) 
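Review bot: The guard `if (is_array($_POST['perms']) && !empty($_POST['perms']))` evaluates is_array() on a key that may be absent, which raises an undefined-index notice on a plain GET of this page; `if (!empty($_POST['perms']) && is_array($_POST['perms'])) {` avoids it. The per-permission token check on the `deleteByModule` line is in the right place, since the short-circuit means nothing is deleted before the token passes, but on failure the loop just moves on to the next permission, so a rejected submission looks like success unless the caller later surfaces `$GLOBALS['xoopsSecurity']->getErrors()`; the rest of this handler is outside the hunk, so I cannot confirm that it does. `$perm_data['groups']` is also iterated without an is_array() check, so a malformed POST still produces warnings here. A comment on the check line would help the next reader: `// token name must match XoopsFormHiddenToken($permname) in XoopsGroupPermForm`.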
@@ -45,7 +45,7 @@
 $op = system_CleanVars ( $_REQUEST, 'op', 'list', 'string' );
 $module = system_CleanVars ( $_REQUEST, 'module', '', 'string' );
-if (in_array($op, array('submit', 'install_ok', 'update_ok', 'uninstall_ok'))) {
+if (in_array($op, array('confirm', 'submit', 'install_ok', 'update_ok', 'uninstall_ok'))) {
 if (!$GLOBALS['xoopsSecurity']->check()) {
 $op = 'list';
 }
@@ -233,6 +233,7 @@
 $modifs_mods = array();
 $module = empty($_POST['module']) ? array() : $_POST['module'];
 foreach ($module as $mid) {
+ $mid = (int) $mid;
 $modifs_mods[$i]['mid'] = $mid;
 $modifs_mods[$i]['oldname'] = $myts->htmlspecialchars($myts->stripSlashesGPC($oldname[$mid]));
 $modifs_mods[$i]['newname'] = $myts->htmlspecialchars(trim($myts->stripslashesGPC($newname[$mid])));
Modified: XoopsCore/branches/2.5.x/2.5.6/htdocs/modules/system/templates/admin/system_modules.html
===================================================================
--- XoopsCore/branches/2.5.x/2.5.6/htdocs/modules/system/templates/admin/system_modules.html 2013-02-04 14:59:21 UTC (rev 10980)
+++ XoopsCore/branches/2.5.x/2.5.6/htdocs/modules/system/templates/admin/system_modules.html 2013-02-04 19:37:48 UTC (rev 10981)
@@ -187,6 +187,7 @@
 </tr>
 </tfoot>
 </table>
+ <{php}>echo $GLOBALS['xoopsSecurity']->getTokenHTML();<{/php}>
 </form>
 <{/if}>
|
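Review bot: The op whitelist on the `if (in_array($op, array('confirm', ...)))` line uses a loose in_array(); `$op` is already a string from system_CleanVars, so `in_array($op, array('confirm', 'submit', 'install_ok', 'update_ok', 'uninstall_ok'), true)` is the safer form and costs nothing. Adding 'confirm' to the token-checked ops is consistent with the token now emitted by system_modules.html, but a failed check only silently resets `$op = 'list'`; whether the recorded security error is ever shown to the admin is decided outside this hunk.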
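Review bot: The `$mid = (int) $mid;` cast is right, but the two following lines then index `$oldname[$mid]` and `$newname[$mid]` unconditionally; a submitted mid with no matching name entry (or a mid that casts to 0) raises an undefined-index notice, so guard with `if (!isset($oldname[$mid], $newname[$mid])) { continue; }` before building the row. The two lines also spell the same helper differently, `stripSlashesGPC` on the oldname line and `stripslashesGPC` on the newname line; PHP resolves both, but one spelling should be used. Where `$oldname` and `$newname` are populated is outside the hunk, so I cannot tell whether they are already validated there.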
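Review bot: Emitting the token with a `<{php}>` block puts PHP into the template and couples it to `$GLOBALS`; the conventional route is to assign it from main.php (`$xoopsTpl->assign('token', $GLOBALS['xoopsSecurity']->getTokenHTML());`) and print `<{$token}>` here, which also keeps working if `{php}` blocks are ever disabled in Smarty. Functionally the default-named token matches the bare `check()` call in main.php, so the CSRF fix itself lines up; this is a point about where the code lives, not what it does.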