
mydms in etch



Hi,

I've uploaded the mydms package to unstable. It fixes two security
bugs. I contacted the security team first, and they told me to upload it
to unstable with high priority.

Please let it enter etch.

The differences are attached.

Thanks.
diff -urN mydms-1.4.4+1/debian/changelog p/mydms-1.4.4+1/debian/changelog
--- mydms-1.4.4+1/debian/changelog	2007-03-10 09:10:11.000000000 +0100
+++ p/mydms-1.4.4+1/debian/changelog	2007-03-10 09:16:43.000000000 +0100
@@ -1,13 +1,3 @@
-mydms (1.4.4+1-5) unstable; urgency=high
-
-  * Security: SQL Injection could be done changing cookies content if the 
-  userID is not checked to be numeric only (Thanks to Rolan Benavent from 
-  Dulasoft SL)
-  * Security: SQL Injection could be done as result of an incorrect checking
-  order in sanitize function.
-
- -- Miguel Gea Milvaques <xerakko@debian.org>  Fri, 16 Feb 2007 17:21:38 +0100
-
 mydms (1.4.4+1-4) unstable; urgency=low
 
   * Conditional use for dbconfig-common templates at mydms.config file
diff -urN mydms-1.4.4+1/inc/inc.ClassKeywords.php p/mydms-1.4.4+1/inc/inc.ClassKeywords.php
--- mydms-1.4.4+1/inc/inc.ClassKeywords.php	2007-02-16 17:12:15.000000000 +0100
+++ p/mydms-1.4.4+1/inc/inc.ClassKeywords.php	2005-08-27 21:37:31.000000000 +0200
@@ -36,9 +36,6 @@
 {
 	GLOBAL $db, $settings;
 	
-	if (!is_numeric($settings->_adminID))
-			die ("invalid id");
-
 	$queryStr = "SELECT * FROM tblKeywordCategories";
 	if ($userID != -1)
 		$queryStr .= " WHERE owner = $userID OR owner = " . $settings->_adminID;
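Review bot: The patch direction looks inverted here and in the inc.ClassUser.php and inc.Utils.php hunks: the `---` side carries the 2007 timestamp and the `is_numeric($settings->_adminID)` guard, while the `+++` side is the 2005 file without it, so applying the attachment as written would strip the check rather than add it. Separately, `$userID` is concatenated into the `WHERE` clause two lines below the guard and neither side validates it in the visible lines; only `_adminID` is covered. I would cast both where the query is built, `$queryStr .= " WHERE owner = " . (int) $userID . " OR owner = " . (int) $settings->_adminID;`. The function starts and ends outside the hunk, so a check on `$userID` may already exist above.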
diff -urN mydms-1.4.4+1/inc/inc.ClassUser.php p/mydms-1.4.4+1/inc/inc.ClassUser.php
--- mydms-1.4.4+1/inc/inc.ClassUser.php	2007-02-16 17:18:31.000000000 +0100
+++ p/mydms-1.4.4+1/inc/inc.ClassUser.php	2005-08-27 21:37:39.000000000 +0200
@@ -116,12 +116,7 @@
 		$this->_isAdmin = $isAdmin;
 	}
 
-	function getID() {  
-			if (!is_numeric($this->_id)) 
-				die ("invalid id"); 
-
-			return $this->_id; 
-	}
+	function getID() { return $this->_id; }
 
 	function getLogin() { return $this->_login; }
 
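Review bot: The `is_numeric()` test in the guarded `getID()` is looser than the "numeric only" the changelog describes, since it also accepts signs, decimals, exponent notation and leading whitespace. A digits-only test such as `if (!ctype_digit((string) $this->_id)) die ("invalid id");` matches an integer key more closely. Validating in the getter also leaves any code that reads `$this->_id` directly unchecked; the constructor is outside this hunk, so I cannot tell whether the value could be normalised there instead.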
diff -urN mydms-1.4.4+1/inc/inc.Utils.php p/mydms-1.4.4+1/inc/inc.Utils.php
--- mydms-1.4.4+1/inc/inc.Utils.php	2007-02-16 16:50:44.000000000 +0100
+++ p/mydms-1.4.4+1/inc/inc.Utils.php	2005-08-27 21:38:03.000000000 +0200
@@ -27,13 +27,13 @@
 
 function sanitizeString($string) {
 	$string = str_replace("'",  "", $string);
+	$string = str_replace("--", "", $string);
 	$string = str_replace("<",  "", $string);
 	$string = str_replace(">",  "", $string);
 	$string = str_replace("/*", "", $string);
 	$string = str_replace("*/", "", $string);
 	$string = str_replace("\"", "", $string);
-	$string = str_replace("--", "", $string);
-
+	
 	return $string;
 }
 
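Review bot: Stripping tokens with sequential `str_replace` calls stays order-dependent whichever position `--` takes: removing a character in a later pass can join its neighbours into a token that an earlier pass already looked for, and with `--` last the `"` removal still runs after the `/*` and `*/` passes. Repeating the whole set until the string stops changing closes that, e.g. `do { $prev = $string; $string = str_replace(array("'", "\"", "<", ">", "/*", "*/", "--"), "", $string); } while ($string !== $prev);`. Even then this is a deny-list, so values that reach SQL should still be quoted or cast where the query is built.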
