+2008-01-09 Roland Mas <lolando@debian.org>
+
+ * www/export/rss_sfprojects.php: Validate input to prevent an SQL
+ injection.
+ * www/export/forum.php: Ditto.
+ * www/export/rss20_newreleases.php: Ditto.
+ * www/export/rss20_news.php: Ditto.
+ * www/export/rss20_projects.php: Ditto.
+ * www/export/rss_sfnewreleases.php: Ditto.
+ * www/export/rss_sfnews.php: Ditto.
+
2007-12-12 Roland Mas <lolando@debian.org>
* www/tracker/taskmgr.php: Fetch project_task_id parameter from
-gforge (4.6.99+svn6319-3+1) unstable; urgency=low
+gforge (4.6.99+svn6319-4) unstable; urgency=high
* Finished removing all references to LDAP from the Debconf templates
and maintainer scripts (closes: #408867).
* Also updated German debconf template translation (closes: #456504).
+ * Fixed SQL injection vulnerability due to insufficient input sanitizing
+ (CVE-2008-0173).
- -- Roland Mas <lolando@debian.org> Sun, 23 Dec 2007 11:07:38 +0100
+ -- Roland Mas <lolando@debian.org> Wed, 09 Jan 2008 20:34:36 +0100
gforge (4.6.99+svn6319-3) unstable; urgency=low
$group_id = getIntFromRequest('group_id');
+if (!is_numeric ($group_id)) {
+ $group_id = 0 ;
+}
// ## group_id must be specified
$res_grp = db_query("
SELECT group_id,group_name
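Review bot: The `is_numeric` guard added right after the `getIntFromRequest` call zeroes non-numeric input but leaves any value that passes as a string, and `is_numeric` also accepts floats, exponent forms such as `1e3` and strings with leading whitespace (older PHP releases accept hex strings as well), so the value interpolated into the query on the following lines is still not guaranteed to be an integer. Since `$group_id` is only meaningful as an integer, an explicit cast pins the type whatever the request helper hands back: `$group_id = is_numeric($group_id) ? (int) $group_id : 0;`. The same applies to the matching `$limit` and `$group_id` guards in each of the later export-script hunks, which use the identical `is_numeric`-then-zero pattern. The `db_query` call that begins at the end of this hunk continues outside it.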
<rss version="2.0">
';
+if (!is_numeric ($limit)) {
+ $limit = 0 ;
+}
+if (!is_numeric ($group_id)) {
+ $group_id = 0 ;
+}
// ## default limit
if (!$limit) $limit = 10;
if ($limit > 100) $limit = 100;
print '<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
';
+if (!is_numeric ($limit)) {
+ $limit = 0 ;
+}
+if (!is_numeric ($group_id)) {
+ $group_id = 0 ;
+}
// ## default limit
if (!$limit) $limit = 10;
if ($limit > 100) $limit = 100;
AND u.user_id=news_bytes.submitted_by
AND g.is_public='1'
AND g.status='A'
- $where_clause
+ $where
order by post_date desc";
$res = db_query($sql, $limit);
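Review bot: `$where` is interpolated unescaped into the query string, and the hunk does not show where it is assembled, so it cannot be confirmed here that the new numeric guards run before that assembly; if it embeds `$group_id`, the guard must precede the point where `$where` is built. The rename from `$where_clause` presumably fixes a mismatch with the variable actually populated earlier in the file. A one-line comment at the assignment site naming which validated inputs `$where` embeds would make that ordering dependency explicit to the next reader. The query string and the assignment of `$where` both begin outside this hunk.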
print '<?xml version="1.0"?>
<rss version="2.0">
';
+if (!is_numeric ($limit)) {
+ $limit = 0 ;
+}
$res = db_query(
'SELECT group_id,group_name,unix_group_name,homepage,short_description,register_time '
.'FROM groups '
<!DOCTYPE rss SYSTEM "http://my.netscape.com/publish/formats/rss-0.91.dtd">
<rss version="0.91">
';
+if (!is_numeric ($limit)) {
+ $limit = 0 ;
+}
// ## default limit
if (!$limit < 1) {
$limit = 10;
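Review bot: The fallback `$limit = 0` added here never reaches the default on the following lines, because `if (!$limit < 1)` parses as `(!$limit) < 1`, which is false for `0` (`!0` is `true`, and `true < 1` is false), so a non-numeric request leaves `$limit` at 0 instead of 10. The sibling export script later in this diff spells the same check as `if ($limit < 1) {`; this file should read the same: `if ($limit < 1) {`. The `if` block's closing brace lies outside the hunk.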
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:syn="http://purl.org/rss/1.0/modules/syndication/"
xmlns:admin="http://webns.net/mvcb/" >';
+
+if (!is_numeric ($limit)) {
+ $limit = 0 ;
+}
+if (!is_numeric ($group_id)) {
+ $group_id = 0 ;
+}
// ## default limit
if ($limit < 1) {
$limit = 10;
<!DOCTYPE rss SYSTEM "http://my.netscape.com/publish/formats/rss-0.91.dtd">
<rss version="0.91">
';
+if (!is_numeric ($limit)) {
+ $limit = 0 ;
+}
$res = db_query("
SELECT
group_id,