mydms in etch
Hi,
I've uploaded mydms package to unstable. It contains two security bugs
solved. I've contacted first with security team and said me to upload it
to unstable with priority high.
Please, let it enter in ethc.
The differences are attached.
Thanks.
diff -urN mydms-1.4.4+1/debian/changelog p/mydms-1.4.4+1/debian/changelog
--- mydms-1.4.4+1/debian/changelog 2007-03-10 09:10:11.000000000 +0100
+++ p/mydms-1.4.4+1/debian/changelog 2007-03-10 09:16:43.000000000 +0100
@@ -1,13 +1,3 @@
-mydms (1.4.4+1-5) unstable; urgency=high
-
- * Security: SQL Injection could be done changing cookies content if the
- userID is not checked to be numeric only (Thanks to Rolan Benavent from
- Dulasoft SL)
- * Security: SQL Injection could be done as result of an incorrect checking
- order in sanitize function.
-
- -- Miguel Gea Milvaques <xerakko@debian.org> Fri, 16 Feb 2007 17:21:38 +0100
-
mydms (1.4.4+1-4) unstable; urgency=low
* Conditional use for dbconfig-common templates at mydms.config file
diff -urN mydms-1.4.4+1/inc/inc.ClassKeywords.php p/mydms-1.4.4+1/inc/inc.ClassKeywords.php
--- mydms-1.4.4+1/inc/inc.ClassKeywords.php 2007-02-16 17:12:15.000000000 +0100
+++ p/mydms-1.4.4+1/inc/inc.ClassKeywords.php 2005-08-27 21:37:31.000000000 +0200
@@ -36,9 +36,6 @@
{
GLOBAL $db, $settings;
- if (!is_numeric($settings->_adminID))
- die ("invalid id");
-
$queryStr = "SELECT * FROM tblKeywordCategories";
if ($userID != -1)
$queryStr .= " WHERE owner = $userID OR owner = " . $settings->_adminID;
diff -urN mydms-1.4.4+1/inc/inc.ClassUser.php p/mydms-1.4.4+1/inc/inc.ClassUser.php
--- mydms-1.4.4+1/inc/inc.ClassUser.php 2007-02-16 17:18:31.000000000 +0100
+++ p/mydms-1.4.4+1/inc/inc.ClassUser.php 2005-08-27 21:37:39.000000000 +0200
@@ -116,12 +116,7 @@
$this->_isAdmin = $isAdmin;
}
- function getID() {
- if (!is_numeric($this->_id))
- die ("invalid id");
-
- return $this->_id;
- }
+ function getID() { return $this->_id; }
function getLogin() { return $this->_login; }
diff -urN mydms-1.4.4+1/inc/inc.Utils.php p/mydms-1.4.4+1/inc/inc.Utils.php
--- mydms-1.4.4+1/inc/inc.Utils.php 2007-02-16 16:50:44.000000000 +0100
+++ p/mydms-1.4.4+1/inc/inc.Utils.php 2005-08-27 21:38:03.000000000 +0200
@@ -27,13 +27,13 @@
function sanitizeString($string) {
$string = str_replace("'", "", $string);
+ $string = str_replace("--", "", $string);
$string = str_replace("<", "", $string);
$string = str_replace(">", "", $string);
$string = str_replace("/*", "", $string);
$string = str_replace("*/", "", $string);
$string = str_replace("\"", "", $string);
- $string = str_replace("--", "", $string);
-
+
return $string;
}
Reply to: