mbirth/LuckyCoinkydink
Archived
1
0
Fork 0
Code Issues Pull Requests Activity

upport 1.7.6 security fixes

Browse Source
This commit is contained in:
Garvin Hicking
2014-02-06 09:36:31 +01:00
parent 7fe805cd48
commit 3d7765f066
8 changed files with 55 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/admin/entries.inc.php
View File

@ -168,7 +168,7 @@ switch($serendipity['GET']['adminAction']) {
'serendipity[action]' => 'admin',
'serendipity[adminModule]' => 'entries',
'serendipity[adminAction]' => 'save',
'serendipity[timestamp]' => $entry['timestamp']
'serendipity[timestamp]' => htmlspecialchars($entry['timestamp'])
),
$entry
);

7
include/admin/plugins.inc.php
View File

@ -341,8 +341,11 @@ if (isset($_GET['serendipity']['plugin_to_conf'])) {
/* Load the new plugin */
$plugin = &serendipity_plugin_api::load_plugin($inst);
if (!is_object($plugin)) {
echo "<dl><dt>DEBUG: Plugin $inst not an object: " . print_r($plugin, true) . ".</dt><dd>Input: " . print_r($serendipity['GET'], true) . ".</dd><dd>This error can happen if a plugin was not properly downloaded (check your plugins directory if the requested plugin was downloaded) or the inclusion of a file failed (permissions?)</dd>";
echo "<dt>Backtrace:</dt><dd>" . implode("<br />\n", $serendipity['debug']['pluginload']) . "<br /></dd></dl>";
echo "DEBUG: Plugin " . htmlspecialchars($inst) . " not an object: " . htmlspecialchars(print_r($plugin, true))
. ".<br />Input: " . htmlspecialchars(print_r($serendipity['GET'], true)) . ".<br /><br />\n\nThis error
can happen if a plugin was not properly downloaded (check your plugins directory if the requested plugin
was downloaded) or the inclusion of a file failed (permissions?)<br />\n";
echo "Backtrace:<br />\n" . nl2br(htmlspecialchars(implode("\n", $serendipity['debug']['pluginload']))) . "<br />";
}
$bag = new serendipity_property_bag;
$plugin->introspect($bag);

5
include/plugin_api.inc.php
View File

@ -145,6 +145,7 @@ class serendipity_plugin_api
$id = md5(uniqid(''));
$key = $plugin_class_id . ':' . $id;
$key = serendipity_db_escape_string($key);
// Secure Plugin path. No leading slashes, no backslashes, no "up" directories
$pluginPath = preg_replace('@^(/)@', '', $pluginPath);
@ -164,7 +165,7 @@ class serendipity_plugin_api
$serendipity['debug']['pluginload'][] = "Installing plugin: " . print_r(func_get_args(), true);
$iq = "INSERT INTO {$serendipity['dbPrefix']}plugins (name, sort_order, placement, authorid, path) values ('$key', $nextidx, '$default_placement', '$authorid', '$pluginPath')";
$iq = "INSERT INTO {$serendipity['dbPrefix']}plugins (name, sort_order, placement, authorid, path) values ('" . htmlspecialchars($key) . "', $nextidx, '$default_placement', '$authorid', '" . htmlspecialchars($pluginPath) . "')";
$serendipity['debug']['pluginload'][] = $iq;
serendipity_db_query($iq);
serendipity_plugin_api::hook_event('backend_plugins_new_instance', $key, array('default_placement' => $default_placement));
@ -179,7 +180,7 @@ class serendipity_plugin_api
$plugin->install();
} else {
$serendipity['debug']['pluginload'][] = "Loading plugin failed painfully. File not found?";
echo '<span class="msg_error">' . ERROR . ': ' . $key . ' (' . $pluginPath . ')</span>';
echo '<span class="msg_error">' . ERROR . ': ' . htmlspecialchars($key) . ' (' . htmlspecialchars($pluginPath) . ')</span>';
}
return $key;