Your message dated Tue, 12 Mar 2013 19:26:08 +0000
with message-id <20130312192608.GL5712@ernie.home.powdarrmonkey.net>
and subject line Re: Bug#698245: unblock: moodle/2.2.3.dfsg-2.6~wheezy2
has caused the Debian Bug report #698245,
regarding tpu: package moodle/2.2.3.dfsg-2.6~wheezy2
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

-- 
698245: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698245
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Cc: Didier Raboud <odyx@debian.org>
- Subject: unblock: moodle/2.2.3.dfsg-2.6~wheezy2
- From: Tomasz Muras <nexor1984@gmail.com>
- Date: Tue, 15 Jan 2013 22:35:54 +0100
- Message-id: <50F5CBBA.9020408@gmail.com>
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package moodle

I am about to get a new version of the package uploaded to testing-proposed-updates. The new version fixes security issues from the upstream release.

diff -Nru moodle-2.2.3.dfsg/debian/changelog moodle-2.2.3.dfsg/debian/changelog--- moodle-2.2.3.dfsg/debian/changelog 2012-12-31 18:26:26.000000000 +0100 +++ moodle-2.2.3.dfsg/debian/changelog 2013-01-15 22:29:57.000000000 +0100 
@@ -1,3 +1,17 @@ +moodle (2.2.3.dfsg-2.6~wheezy2) testing-proposed-updates; urgency=low + + * Backport security issues from upstream Moodle 2.2.7.+ * MSA-13-0009: MDL-37467 - blog posts available via RSS after blogging disabled+ * MSA-13-0007: MDL-36600 - course message sending CSRF + * MSA-13-0001: MDL-37283 - lack of sanitization for google spellchecker + * MSA-13-0003: MDL-36977 - moodle backup paths not validated properly+ * MSA-13-0002: MDL-27619 - teachers can set outcomes to be standard when re-editing + * MSA-13-0004: MDL-33340 - activity report showing lastaccess even if field hidden + * MSA-13-0008: MDL-36620 - guest users can access RSS feed for site level blogs+ * MSA-13-0005: MDL-35991 - open redirect issues + + -- Tomasz Muras <nexor1984@gmail.com> Tue, 15 Jan 2013 20:43:50 +0100 + moodle (2.2.3.dfsg-2.6~wheezy1) testing-proposed-updates; urgency=low * Fix possible security issue for curl in 3rd party libraries:diff -Nru moodle-2.2.3.dfsg/debian/patches/0022-MDL-27619-teachers-can-set-outcomes-to-be-standard-when-re-editing.patch moodle-2.2.3.dfsg/debian/patches/0022-MDL-27619-teachers-can-set-outcomes-to-be-standard-when-re-editing.patch --- moodle-2.2.3.dfsg/debian/patches/0022-MDL-27619-teachers-can-set-outcomes-to-be-standard-when-re-editing.patch 1970-01-01 01:00:00.000000000 +0100 +++ moodle-2.2.3.dfsg/debian/patches/0022-MDL-27619-teachers-can-set-outcomes-to-be-standard-when-re-editing.patch 2013-01-14 22:35:55.000000000 +0100@@ -0,0 +1,21 @@ +commit 8c27cc95349a6cce073651ebbff9b44394d4ecb7 +Author: Paul Nicholls <paul.nicholls@canterbury.ac.nz> +Date: Mon Aug 13 12:51:30 2012 +1200 ++ MDL-27619: Prevent teachers from turning course Outcomes into site-wide ones++ Similar to the issue which allowed teachers to create site-wide scales by editing a course-specific scale (MDL-24682), teachers could also promote a course-specific scale to a site-wide (standard) by editing it. 
As with MDL-24682, removing the course ID check (leaving just the capability check) prevents this unauthorised creation of site-wide (standard) outcomes.++diff --git a/grade/edit/outcome/edit_form.php b/grade/edit/outcome/edit_form.php+index 6c1893e..a283f40 100644 +--- a/grade/edit/outcome/edit_form.php ++++ b/grade/edit/outcome/edit_form.php +@@ -114,7 +114,7 @@ class edit_outcome_form extends moodleform { + if (empty($courseid)) { + $mform->hardFreeze('standard'); ++- } else if (empty($outcome->courseid) and !has_capability('moodle/grade:manage', get_context_instance(CONTEXT_SYSTEM))) { ++ } else if (!has_capability('moodle/grade:manage', get_context_instance(CONTEXT_SYSTEM))) {+ $mform->hardFreeze('standard'); + + } else if ($coursecount and empty($outcome->courseid)) {diff -Nru moodle-2.2.3.dfsg/debian/patches/0023-MDL-33340-activity-report-showing-lastaccess-even-if-it-is-a-hidden-field.patch moodle-2.2.3.dfsg/debian/patches/0023-MDL-33340-activity-report-showing-lastaccess-even-if-it-is-a-hidden-field.patch --- moodle-2.2.3.dfsg/debian/patches/0023-MDL-33340-activity-report-showing-lastaccess-even-if-it-is-a-hidden-field.patch 1970-01-01 01:00:00.000000000 +0100 +++ moodle-2.2.3.dfsg/debian/patches/0023-MDL-33340-activity-report-showing-lastaccess-even-if-it-is-a-hidden-field.patch 2013-01-14 22:35:58.000000000 +0100@@ -0,0 +1,21 @@ +commit 53459511a96871583f6ed21517372b9bf4cbd96a +Author: Ankit Agarwal <ankit@moodle.com> +Date: Mon Jun 25 14:10:42 2012 +0800 + + MDL-33340 completion: Incorrect logic in hidden field check + + Credit to Jody Steele + +diff --git a/report/outline/index.php b/report/outline/index.php +index c7abae3..7c82e66 100644 +--- a/report/outline/index.php ++++ b/report/outline/index.php+@@ -42,7 +42,7 @@ add_to_log($course->id, 'course', 'report outline', "report/outline/index.php?id+ $showlastaccess = true; + $hiddenfields = explode(',', $CFG->hiddenuserfields); ++-if (array_search('lastaccess', $hiddenfields) and 
!has_capability('moodle/user:viewhiddendetails', $context)) { ++if (array_search('lastaccess', $hiddenfields) !== false and !has_capability('moodle/user:viewhiddendetails', $context)) {+ $showlastaccess = false; + } +diff -Nru moodle-2.2.3.dfsg/debian/patches/0024-MDL-35991_1-open-redirect-issues.patch moodle-2.2.3.dfsg/debian/patches/0024-MDL-35991_1-open-redirect-issues.patch --- moodle-2.2.3.dfsg/debian/patches/0024-MDL-35991_1-open-redirect-issues.patch 1970-01-01 01:00:00.000000000 +0100 +++ moodle-2.2.3.dfsg/debian/patches/0024-MDL-35991_1-open-redirect-issues.patch 2013-01-14 22:36:10.000000000 +0100@@ -0,0 +1,81 @@ +commit b0f20bc995229d7f8eebf287759a2a2a65a2cbfa +Author: Simon Coggins <simon.coggins@totaralms.com> +Date: Mon Jan 7 10:09:20 2013 +0800 + + MDL-35991 - use PARAM_LOCALURL for local urls + + Conflicts: + user/files.php + +diff --git a/backup/backupfilesedit.php b/backup/backupfilesedit.php +index 0059bbc..67e72a0 100644 +--- a/backup/backupfilesedit.php ++++ b/backup/backupfilesedit.php+@@ -33,7 +33,7 @@ $currentcontext = required_param('currentcontext', PARAM_INT);+ // file parameters + $component = optional_param('component', null, PARAM_COMPONENT); + $filearea = optional_param('filearea', null, PARAM_AREA); +-$returnurl = optional_param('returnurl', null, PARAM_URL); ++$returnurl = optional_param('returnurl', null, PARAM_LOCALURL); + + list($context, $course, $cm) = get_context_info_array($currentcontext); + $filecontext = get_context_instance_by_id($contextid); +diff --git a/comment/comment_post.php b/comment/comment_post.php +index 4e852b4..323a2da 100644 +--- a/comment/comment_post.php ++++ b/comment/comment_post.php+@@ -34,7 +34,7 @@ $action = optional_param('action', '', PARAM_ALPHA);+ $area = optional_param('area', '', PARAM_AREA); + $content = optional_param('content', '', PARAM_RAW); + $itemid = optional_param('itemid', '', PARAM_INT); +-$returnurl = optional_param('returnurl', '/', PARAM_URL); ++$returnurl = 
optional_param('returnurl', '/', PARAM_LOCALURL); + $component = optional_param('component', '', PARAM_COMPONENT); + + // Currently this script can only add comments +diff --git a/course/switchrole.php b/course/switchrole.php +index 12cba20..dc387fb 100644 +--- a/course/switchrole.php ++++ b/course/switchrole.php +@@ -35,7 +35,7 @@ require_once($CFG->dirroot.'/course/lib.php'); + + $id = required_param('id', PARAM_INT); + $switchrole = optional_param('switchrole',-1, PARAM_INT); +-$returnurl = optional_param('returnurl', false, PARAM_URL); ++$returnurl = optional_param('returnurl', false, PARAM_LOCALURL); + + $PAGE->set_url('/course/switchrole.php', array('id'=>$id)); + +@@ -86,4 +86,4 @@ if ($returnurl === false) {+ $returnurl = new moodle_url('/course/view.php', array('id' => $course->id));+ } + +-redirect($returnurl); +\ No newline at end of file ++redirect($returnurl); +diff --git a/mod/wiki/filesedit.php b/mod/wiki/filesedit.php +index 0982095..f9e27fc 100644 +--- a/mod/wiki/filesedit.php ++++ b/mod/wiki/filesedit.php +@@ -31,7 +31,7 @@ require_once("$CFG->dirroot/repository/lib.php"); + $subwikiid = required_param('subwiki', PARAM_INT); + // not being used for file management, we use it to generate navbar link + $pageid = optional_param('pageid', 0, PARAM_INT); +-$returnurl = optional_param('returnurl', '', PARAM_URL); ++$returnurl = optional_param('returnurl', '', PARAM_LOCALURL); + + if (!$subwiki = wiki_get_subwiki($subwikiid)) { + print_error('incorrectsubwikiid', 'wiki'); +diff --git a/tag/coursetags_add.php b/tag/coursetags_add.php +index e5c316a..627e601 100644 +--- a/tag/coursetags_add.php ++++ b/tag/coursetags_add.php +@@ -15,7 +15,7 @@ if (empty($CFG->usetags)) { + print_error('tagsaredisabled', 'tag'); + } + +-$returnurl = optional_param('returnurl', null, PARAM_TEXT); ++$returnurl = optional_param('returnurl', null, PARAM_LOCALURL); + $keyword = optional_param('coursetag_new_tag', '', PARAM_TEXT); + $courseid = optional_param('entryid', 0, 
PARAM_INT); + $userid = optional_param('userid', 0, PARAM_INT);diff -Nru moodle-2.2.3.dfsg/debian/patches/0025-MDL-35991_2-open-redirect-issues.patch moodle-2.2.3.dfsg/debian/patches/0025-MDL-35991_2-open-redirect-issues.patch --- moodle-2.2.3.dfsg/debian/patches/0025-MDL-35991_2-open-redirect-issues.patch 1970-01-01 01:00:00.000000000 +0100 +++ moodle-2.2.3.dfsg/debian/patches/0025-MDL-35991_2-open-redirect-issues.patch 2013-01-14 22:36:10.000000000 +0100@@ -0,0 +1,21 @@ +commit ac7efafb83b50b8c480a8a4a4097c3e7f75cd701 +Author: Dan Poltawski <dan@moodle.com> +Date: Thu Jan 10 09:46:03 2013 +0800 + + MDL-35991 - fix incorrect returnurl type + + good catch, Adrian! + +diff --git a/user/filesedit.php b/user/filesedit.php +index afc4d16..ac1d0ef 100644 +--- a/user/filesedit.php ++++ b/user/filesedit.php +@@ -32,7 +32,7 @@ if (isguestuser()) { + die(); + } + +-$returnurl = optional_param('returnurl', '', PARAM_URL); ++$returnurl = optional_param('returnurl', '', PARAM_LOCALURL); + + if (empty($returnurl)) { + $returnurl = new moodle_url('/user/filesedit.php');diff -Nru moodle-2.2.3.dfsg/debian/patches/0026-MDL-36600_1-course-message-sending-can-be-exploited-by-CSRF.patch moodle-2.2.3.dfsg/debian/patches/0026-MDL-36600_1-course-message-sending-can-be-exploited-by-CSRF.patch --- moodle-2.2.3.dfsg/debian/patches/0026-MDL-36600_1-course-message-sending-can-be-exploited-by-CSRF.patch 1970-01-01 01:00:00.000000000 +0100 +++ moodle-2.2.3.dfsg/debian/patches/0026-MDL-36600_1-course-message-sending-can-be-exploited-by-CSRF.patch 2013-01-14 22:35:42.000000000 +0100@@ -0,0 +1,45 @@ +commit deaaa6f62f4ed3b8d9868ce8f8ce4b830f02af66 +Author: Andrew Robert Nicols <andrew.nicols@luns.net.uk> +Date: Wed Jan 9 09:23:07 2013 +1300 + + MDL-36600 user: improve course messaging checks + +diff --git a/user/message.html b/user/message.html +index 6426111..9446751 100644 +--- a/user/message.html ++++ b/user/message.html +@@ -1,5 +1,6 @@ + <form id="theform" method="post" 
action="messageselect.php"> + <input type="hidden" name="id" value="<?php p($id) ?>" /> ++<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" /> + <input type="hidden" name="returnto" value="<?php p($returnto) ?>" /> + <input type="hidden" name="deluser" value="" /> + <?php echo $OUTPUT->box_start(); ?> +diff --git a/user/messageselect.php b/user/messageselect.php +index d54d26d..e7cca96 100644 +--- a/user/messageselect.php ++++ b/user/messageselect.php +@@ -91,7 +91,7 @@ $messagebody = $SESSION->emailselect[$id]['messagebody']; + + $count = 0; + +-if ($data = data_submitted()) { ++if (($data = data_submitted()) && confirm_sesskey()) { + foreach ($data as $k => $v) { + if (preg_match('/^(user|teacher)(\d+)$/',$k,$m)) { + if (!array_key_exists($m[2],$SESSION->emailto[$id])) {+@@ -136,12 +136,13 @@ if (!empty($messagebody) && !$edit && !$deluser && ($preview || $send)) {+ <input type="hidden" name="returnto" value="'.s($returnto).'" /> + <input type="hidden" name="id" value="'.$id.'" /> + <input type="hidden" name="format" value="'.$format.'" /> ++<input type="hidden" name="sesskey" value="' . sesskey() . 
'" /> + ';+ echo "<h3>".get_string('previewhtml')."</h3><div class=\"messagepreview\">\n".format_text($messagebody,$format)."\n</div>\n"; + echo '<p align="center"><input type="submit" name="send" value="'.get_string('sendmessage', 'message').'" />'."\n"; + echo '<input type="submit" name="edit" value="'.get_string('update').'" /></p>';+ echo "\n</form>"; +- } else if (!empty($send)) { ++ } else if (!empty($send) && require_sesskey()) { + $good = 1; + foreach ($SESSION->emailto[$id] as $user) {+ $good = $good && message_post_message($USER,$user,$messagebody,$format); diff -Nru moodle-2.2.3.dfsg/debian/patches/0027-MDL-36600_2-course-message-sending-can-be-exploited-by-CSRF.patch moodle-2.2.3.dfsg/debian/patches/0027-MDL-36600_2-course-message-sending-can-be-exploited-by-CSRF.patch --- moodle-2.2.3.dfsg/debian/patches/0027-MDL-36600_2-course-message-sending-can-be-exploited-by-CSRF.patch 1970-01-01 01:00:00.000000000 +0100 +++ moodle-2.2.3.dfsg/debian/patches/0027-MDL-36600_2-course-message-sending-can-be-exploited-by-CSRF.patch 2013-01-14 22:35:42.000000000 +0100@@ -0,0 +1,45 @@ +commit c7fbbf73e3f501d4247989a0667871ceefaf4ac1 +Author: Andrew Robert Nicols <andrew.nicols@luns.net.uk> +Date: Wed Jan 9 08:35:02 2013 +0000 + + MDL-36600 Add missing sesskey check when previewing the message + +diff --git a/user/messageselect.php b/user/messageselect.php +index e7cca96..01de42d 100644 +--- a/user/messageselect.php ++++ b/user/messageselect.php +@@ -91,7 +91,8 @@ $messagebody = $SESSION->emailselect[$id]['messagebody']; + + $count = 0; + +-if (($data = data_submitted()) && confirm_sesskey()) { ++if ($data = data_submitted()) { ++ require_sesskey(); + foreach ($data as $k => $v) { + if (preg_match('/^(user|teacher)(\d+)$/',$k,$m)) { + if (!array_key_exists($m[2],$SESSION->emailto[$id])) { +@@ -130,6 +131,7 @@ if ($count) { + } + + if (!empty($messagebody) && !$edit && !$deluser && ($preview || $send)) { ++ require_sesskey(); + if (count($SESSION->emailto[$id])) { + if 
(!empty($preview)) {+ echo '<form method="post" action="messageselect.php" style="margin: 0 20px;"> +@@ -142,7 +144,7 @@ if (!empty($messagebody) && !$edit && !$deluser && ($preview || $send)) { + echo '<p align="center"><input type="submit" name="send" value="'.get_string('sendmessage', 'message').'" />'."\n"; + echo '<input type="submit" name="edit" value="'.get_string('update').'" /></p>';+ echo "\n</form>"; +- } else if (!empty($send) && require_sesskey()) { ++ } else if (!empty($send)) { + $good = 1; + foreach ($SESSION->emailto[$id] as $user) {+ $good = $good && message_post_message($USER,$user,$messagebody,$format); +@@ -170,6 +172,7 @@ if ((!empty($send) || !empty($preview) || !empty($edit)) && (empty($messagebody)+ } + + if (count($SESSION->emailto[$id])) { ++ require_sesskey(); + $usehtmleditor = can_use_html_editor(); + require("message.html"); + }diff -Nru moodle-2.2.3.dfsg/debian/patches/0028-MDL-36620-guest-users-can-access-RSS-feed-for-site-level-blogs.patch moodle-2.2.3.dfsg/debian/patches/0028-MDL-36620-guest-users-can-access-RSS-feed-for-site-level-blogs.patch --- moodle-2.2.3.dfsg/debian/patches/0028-MDL-36620-guest-users-can-access-RSS-feed-for-site-level-blogs.patch 1970-01-01 01:00:00.000000000 +0100 +++ moodle-2.2.3.dfsg/debian/patches/0028-MDL-36620-guest-users-can-access-RSS-feed-for-site-level-blogs.patch 2013-01-14 22:36:04.000000000 +0100@@ -0,0 +1,27 @@ +commit 591b34218c9ab95cf137987f0bb8d4e60e28936a +Author: Jason Fowler <phalacee@gmail.com> +Date: Thu Nov 22 15:44:27 2012 +0800 ++ MDL-36620 - Blog, RSS - Preventing Guests from viewing the RSS of site level blogs+ + Conflicts: + blog/rsslib.php + +diff --git a/blog/rsslib.php b/blog/rsslib.php +index 6ba735d..f02a0f3 100644 +--- a/blog/rsslib.php ++++ b/blog/rsslib.php +@@ -109,6 +109,13 @@ function blog_rss_get_feed($context, $args) { + return ''; + } + ++ if ($CFG->bloglevel == BLOG_SITE_LEVEL) { ++ if (isguestuser()) { ++ debugging(get_string('nopermissiontoshow','error')); ++ 
return ''; ++ } ++ } ++ + $sitecontext = get_context_instance(CONTEXT_SYSTEM); + if (!has_capability('moodle/blog:view', $sitecontext)) { + return null;diff -Nru moodle-2.2.3.dfsg/debian/patches/0029-MDL-36977-moodle1-backup-converter-path-not-properly-validated.patch moodle-2.2.3.dfsg/debian/patches/0029-MDL-36977-moodle1-backup-converter-path-not-properly-validated.patch --- moodle-2.2.3.dfsg/debian/patches/0029-MDL-36977-moodle1-backup-converter-path-not-properly-validated.patch 1970-01-01 01:00:00.000000000 +0100 +++ moodle-2.2.3.dfsg/debian/patches/0029-MDL-36977-moodle1-backup-converter-path-not-properly-validated.patch 2013-01-14 23:59:31.000000000 +0100@@ -0,0 +1,36 @@ +commit 890066d6dca6930bc37cf838c756b6108c1def0f +Author: David Mudrák <david@moodle.com> +Date: Mon Jan 7 22:21:08 2013 +0100 ++ MDL-36977 Be more picky when it comes to migrating files in moodle1 backups++Patch could not be cherry-picked cleanly from upstream git - the first hunk was+modified by the maintainer (Tomasz Muras). 
++diff --git a/backup/converter/moodle1/lib.php b/backup/converter/moodle1/lib.php+index 86e2026..8f7fba4 100644 +--- a/backup/converter/moodle1/lib.php ++++ b/backup/converter/moodle1/lib.php +@@ -640,7 +640,10 @@ class moodle1_converter extends base_converter { + return $files; + } + foreach ($matches[2] as $match) {+- $files[] = str_replace(array('$@FILEPHP@$', '$@SLASH@$', '$@FORCEDOWNLOAD@$'), array('', '/', ''), $match); ++ $file = str_replace(array('$@FILEPHP@$', '$@SLASH@$', '$@FORCEDOWNLOAD@$'), array('', '/', ''), $match);++ if ($file === clean_param($file, PARAM_PATH)) { ++ $files[] = rawurldecode($file); ++ } + } + + return array_unique($files); +@@ -1205,6 +1208,10 @@ class moodle1_file_manager implements loggable { + + $sourcefullpath = $this->basepath.'/'.$sourcepath; +++ if ($sourcefullpath !== clean_param($sourcefullpath, PARAM_PATH)) { ++ throw new moodle1_convert_exception('file_invalid_path', $sourcefullpath);++ } ++ + if (!is_readable($sourcefullpath)) {+ throw new moodle1_convert_exception('file_not_readable', $sourcefullpath);+ }diff -Nru moodle-2.2.3.dfsg/debian/patches/0030-MDL-37283-import-tinymce-spellchecker-2.0.6.1.patch moodle-2.2.3.dfsg/debian/patches/0030-MDL-37283-import-tinymce-spellchecker-2.0.6.1.patch --- moodle-2.2.3.dfsg/debian/patches/0030-MDL-37283-import-tinymce-spellchecker-2.0.6.1.patch 1970-01-01 01:00:00.000000000 +0100 +++ moodle-2.2.3.dfsg/debian/patches/0030-MDL-37283-import-tinymce-spellchecker-2.0.6.1.patch 2013-01-14 22:35:47.000000000 +0100@@ -0,0 +1,29 @@ +commit 6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0 +Author: Petr Škoda <commits@skodak.org> +Date: Sat Dec 22 16:50:09 2012 +0100 + + MDL-37283 import tinymce spellchecker 2.0.6.1 ++diff --git a/lib/editor/tinymce/tiny_mce/3.4.9/plugins/spellchecker/changelog.txt b/lib/editor/tinymce/tiny_mce/3.4.9/plugins/spellchecker/changelog.txt+index f41ec7f..9c22855 100644 +--- a/lib/editor/tinymce/tiny_mce/3.4.9/plugins/spellchecker/changelog.txt ++++ 
b/lib/editor/tinymce/tiny_mce/3.4.9/plugins/spellchecker/changelog.txt +@@ -1,3 +1,5 @@ ++Version 2.0.6.1 (2012-11-16) ++ Fixed security issue with google spellchecker. + Version 2.0.6 (2011-09-29) + Fixed incorrect position of suggestion menu.+ Fixed handling of mispelled words with no suggestions in PSpellShell engine. +diff --git a/lib/editor/tinymce/tiny_mce/3.4.9/plugins/spellchecker/classes/GoogleSpell.php b/lib/editor/tinymce/tiny_mce/3.4.9/plugins/spellchecker/classes/GoogleSpell.php+index e2526e3..559153a 100644+--- a/lib/editor/tinymce/tiny_mce/3.4.9/plugins/spellchecker/classes/GoogleSpell.php ++++ b/lib/editor/tinymce/tiny_mce/3.4.9/plugins/spellchecker/classes/GoogleSpell.php+@@ -51,6 +51,8 @@ class GoogleSpell extends SpellChecker { + } + + function &_getMatches($lang, $str) {++ $lang = preg_replace('/[^a-z\-]/i', '', $lang); // Sanitize, remove everything but a-z or - ++ $str = preg_replace('/[\x00-\x1F\x7F]/', '', $str); // Sanitize, remove all control characters+ $server = "www.google.com"; + $port = 443; + $path = "/tbproxy/spell?lang=" . $lang . 
"&hl=en";diff -Nru moodle-2.2.3.dfsg/debian/patches/0031-MDL-37467-blog-posts-still-available-via-RSS-even-after-the-blogging-is-disabled.patch moodle-2.2.3.dfsg/debian/patches/0031-MDL-37467-blog-posts-still-available-via-RSS-even-after-the-blogging-is-disabled.patch --- moodle-2.2.3.dfsg/debian/patches/0031-MDL-37467-blog-posts-still-available-via-RSS-even-after-the-blogging-is-disabled.patch 1970-01-01 01:00:00.000000000 +0100 +++ moodle-2.2.3.dfsg/debian/patches/0031-MDL-37467-blog-posts-still-available-via-RSS-even-after-the-blogging-is-disabled.patch 2013-01-14 22:27:53.000000000 +0100@@ -0,0 +1,22 @@ +commit 52f9e3ee5646e777cc09149e3aea55a3255b2ca4 +Author: David Mudrák <david@moodle.com> +Date: Thu Jan 10 16:57:10 2013 +0100 + + MDL-37467 Do not provide blog posts via RSS when blogging is disabled + +diff --git a/blog/rsslib.php b/blog/rsslib.php +index f02a0f3..f5b8e31 100644 +--- a/blog/rsslib.php ++++ b/blog/rsslib.php +@@ -104,6 +104,11 @@ function blog_rss_get_params($filters) { + function blog_rss_get_feed($context, $args) { + global $CFG, $SITE, $DB; + ++ if (empty($CFG->bloglevel)) {++ debugging('Blogging disabled on this site, RSS feeds are not available');++ return null; ++ } ++ + if (empty($CFG->enablerssfeeds)) { + debugging('Sorry, RSS feeds are disabled on this site'); + return '';diff -Nru moodle-2.2.3.dfsg/debian/patches/series moodle-2.2.3.dfsg/debian/patches/series --- moodle-2.2.3.dfsg/debian/patches/series 2012-11-29 18:00:57.000000000 +0100 +++ moodle-2.2.3.dfsg/debian/patches/series 2013-01-15 21:43:02.000000000 +0100@@ -19,3 +19,13 @@ 0019-MDL-33791-Portfolio-Fixed-security-issue-with-passin.patch 0020-MDL-35558-mod_data-Show-only-own-entries-while-there.patch 0021-MDL-36818-Wrong-value-for-CURLOPT_SSL_VERIFYHOST.patch +0022-MDL-27619-teachers-can-set-outcomes-to-be-standard-when-re-editing.patch +0023-MDL-33340-activity-report-showing-lastaccess-even-if-it-is-a-hidden-field.patch +0024-MDL-35991_1-open-redirect-issues.patch 
+0025-MDL-35991_2-open-redirect-issues.patch +0026-MDL-36600_1-course-message-sending-can-be-exploited-by-CSRF.patch +0027-MDL-36600_2-course-message-sending-can-be-exploited-by-CSRF.patch +0028-MDL-36620-guest-users-can-access-RSS-feed-for-site-level-blogs.patch +0029-MDL-36977-moodle1-backup-converter-path-not-properly-validated.patch +0030-MDL-37283-import-tinymce-spellchecker-2.0.6.1.patch +0031-MDL-37467-blog-posts-still-available-via-RSS-even-after-the-blogging-is-disabled.patch unblock moodle/2.2.3.dfsg-2.6~wheezy2 Tomasz Muras
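Review bot: the debian/changelog hunk lists MSA-13-0001 through MSA-13-0009 but skips MSA-13-0006 without saying why; add a line stating whether that advisory does not affect the 2.2 branch or was deliberately left out, so the security team can trace the gap. Listing the entries in MSA order rather than the current shuffled order would also make cross-checking against the upstream 2.2.7 release notes quicker.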
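Review bot: in the grade/edit/outcome/edit_form.php hunk (0022) the tightened condition only hard-freezes the 'standard' element in the form; confirm that the code which saves the outcome (outside this hunk) takes 'standard' from the form data rather than reading it from the request directly, otherwise a crafted POST could still promote a course outcome to site-wide. Since has_capability('moodle/grade:manage', system context) is now the only gate, a short comment above the else-if stating that the course-id check was removed on purpose (MDL-24682 precedent, per the commit message) would stop a later backporter from "restoring" it.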
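Review bot: in the report/outline/index.php hunk (0023) the added '!== false' is the right fix for the visible bug, since array_search returns index 0 when lastaccess is the first entry of $CFG->hiddenuserfields and '0 and ...' is false, so the field was shown; in_array('lastaccess', $hiddenfields, true) would state that intent more directly. Because the preceding explode(',', ...) does not trim, a stored value with spaces after the commas would not match either; worth confirming how the admin setting serialises the list.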
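Review bot: in the course/switchrole.php hunk (0024) the default stays false and the fallback at line 86 tests '$returnurl === false'; check what optional_param returns when PARAM_LOCALURL rejects a non-local value. If it is an empty string rather than false (the comment/comment_post.php and mod/wiki/filesedit.php hunks in the same patch use '/' and '' as defaults, which suggests that convention), a rejected external returnurl now skips the fallback to /course/view.php and the script ends in redirect('') instead. Changing the fallback condition to empty($returnurl) keeps the open-redirect fix and restores the intended behaviour.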
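Review bot: the tag/coursetags_add.php hunk in 0024 changes returnurl from PARAM_TEXT, not PARAM_URL, so this entry point was not restricted to URL syntax at all before the patch; call that out in the MDL-35991 changelog line, as it is the weakest of the five sites and the one most worth a regression check on the wheezy package.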
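Review bot: the 0024 commit message records a cherry-pick conflict in user/files.php, yet neither 0024 nor 0025 carries a hunk for that file; 0025 only corrects user/filesedit.php. Confirm that user/files.php in 2.2.3 does not also read returnurl with PARAM_URL or PARAM_TEXT, otherwise one open-redirect site is left unpatched in this backport.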
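Review bot: in the 0026 user/messageselect.php hunk at line 142, '} else if (!empty($send) && require_sesskey()) {' depends on the return value of require_sesskey(), which is an assert-style helper that errors out on failure and returns nothing useful on success, so with a valid sesskey the send branch would not execute; 0027 reverts this to '!empty($send)' and calls require_sesskey() before the whole block, which is the correct shape. The two patches therefore only work as a pair (as debian/patches/series applies them); the changelog should reference both so nobody drops 0027 as "just a follow-up".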
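Review bot: in the last 0027 hunk, require_sesskey() now runs before require("message.html"), so a request that opens messageselect.php only to display the recipient list and editor must already carry a sesskey parameter; the hidden sesskey input added to message.html in 0026 protects the subsequent POST, not that first request. Confirm that the links which lead into this page pass sesskey, otherwise users get an invalid-sesskey error instead of the form. The earlier 0026 condition '($data = data_submitted()) && confirm_sesskey()' silently skipped processing on a bad token; 0027's require_sesskey() raising an error is the better behaviour for a CSRF check.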
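Review bot: in the blog/rsslib.php hunk (0028) the new guest check returns '' while the moodle/blog:view check immediately below returns null, and the 0031 hunk adds a third early return to the same function that returns null; settle on one sentinel for "no feed" so any caller that distinguishes '' from null treats all three refusals alike. The guest check fires only for BLOG_SITE_LEVEL; a one-line comment saying that the $sitecontext capability check below covers the other blog levels would make the intent clear to the next backporter.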
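Review bot: in the first backup/converter/moodle1/lib.php hunk (0029) the PARAM_PATH comparison is performed on $file before rawurldecode(), so unless PARAM_PATH strips percent signs an encoded sequence such as %2e%2e%2f passes the comparison unchanged and only becomes ../ after decoding; decode first and compare the decoded value ('$file = rawurldecode($file); if ($file === clean_param($file, PARAM_PATH))'). The second hunk re-checks $sourcefullpath before is_readable(), which should catch such a path later, but since the maintainer notes this first hunk was hand-modified rather than cherry-picked, diff it against upstream commit 890066d6 to confirm the ordering there.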
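Review bot: in the GoogleSpell.php hunk (0030) the $lang filter correctly confines what is interpolated into $path to [a-z-], but the $str filter only strips control characters, which blocks CR/LF injection into the request yet does not escape $str for whatever request body it is later embedded in (not shown in this hunk). Confirm that the code building the request body escapes $str, or note in the patch header that the residual risk is limited to malformed requests to the remote spellcheck server.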
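Review bot: in the 0031 blog/rsslib.php hunk the new bloglevel check returns null while the enablerssfeeds check directly below returns ''; use the same value for both "disabled" states. A brief comment on why bloglevel is tested before enablerssfeeds (blogging being off must win even when RSS is on, which is the whole point of MDL-37467) would also help, since debugging() output is only visible at developer debug level and gives no hint in production.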
--- End Message ---
--- Begin Message ---
- To: Tomasz Muras <nexor1984@gmail.com>, 698245-done@bugs.debian.org, Hubert Chathi <uhoreg@debian.org>
- Cc: Didier 'OdyX' Raboud <odyx@debian.org>
- Subject: Re: Bug#698245: unblock: moodle/2.2.3.dfsg-2.6~wheezy2
- From: Jonathan Wiltshire <jmw@debian.org>
- Date: Tue, 12 Mar 2013 19:26:08 +0000
- Message-id: <20130312192608.GL5712@ernie.home.powdarrmonkey.net>
- In-reply-to: <20130311203559.GH5712@ernie.home.powdarrmonkey.net>
- References: <87ip4x4w5k.fsf@uhoreg.ca> <513E17A6.6030803@gmail.com> <20130311203559.GH5712@ernie.home.powdarrmonkey.net>
Removal hint added.

Thanks,

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
--- End Message ---