[interchange-cvs] interchange - heins modified 4 files

interchange-cvs at icdevgroup.org interchange-cvs at icdevgroup.org
Thu Sep 22 13:52:58 EDT 2005


User:      heins
Date:      2005-09-22 17:52:58 GMT
Modified:  .        Tag: STABLE_5_2-branch README WHATSNEW
Modified:  dist/foundation/pages/forum Tag: STABLE_5_2-branch
Modified:           submit.html
Modified:  scripts  Tag: STABLE_5_2-branch interchange.PL
Log:
* Fix SQL injection problem.

* Update versions, WHATSNEW, etc. in prep for release.

Revision  Changes    Path
No                   revision



No                   revision



2.23.2.3  +2 -2      interchange/README


rev 2.23.2.3, prev_rev 2.23.2.2
Index: README
===================================================================
RCS file: /var/cvs/interchange/README,v
retrieving revision 2.23.2.2
retrieving revision 2.23.2.3
diff -u -r2.23.2.2 -r2.23.2.3
--- README	5 May 2004 13:20:00 -0000	2.23.2.2
+++ README	22 Sep 2005 17:52:57 -0000	2.23.2.3
@@ -2,9 +2,9 @@
 
                            I N T E R C H A N G E
 
-Interchange 5.2.0
+Interchange 5.2.1
 
-Copyright (C) 2002-2004 Interchange Development Group
+Copyright (C) 2002-2005 Interchange Development Group
 Copyright (C) 1996-2002 Red Hat, Inc.
 
 Originally based on Vend 0.2 and 0.3, copyright 1995-96 by Andrew M. Wilcox.



2.201.2.8 +11 -0     interchange/Attic/WHATSNEW


rev 2.201.2.8, prev_rev 2.201.2.7
Index: WHATSNEW
===================================================================
RCS file: /var/cvs/interchange/Attic/WHATSNEW,v
retrieving revision 2.201.2.7
retrieving revision 2.201.2.8
diff -u -r2.201.2.7 -r2.201.2.8
--- WHATSNEW	5 May 2004 13:20:00 -0000	2.201.2.7
+++ WHATSNEW	22 Sep 2005 17:52:57 -0000	2.201.2.8
@@ -6,6 +6,17 @@
 ------------------------------------------------------------------------------
 
 
+Interchange 5.2.1 released 2005-09-22.
+
+
+Security
+---------
+
+* Fix SQL injection vulnerability in pages/forum/submit.html.
+
+------------------------------------------------------------------------------
+
+
 Interchange 5.2.0 released 2004-05-05.
 
 



No                   revision



No                   revision



1.2.6.1   +50 -11    interchange/dist/foundation/pages/forum/Attic/submit.html


rev 1.2.6.1, prev_rev 1.2
Index: submit.html
===================================================================
RCS file: /var/cvs/interchange/dist/foundation/pages/forum/Attic/submit.html,v
retrieving revision 1.2
retrieving revision 1.2.6.1
diff -u -r1.2 -r1.2.6.1
--- submit.html	6 Oct 2002 02:55:50 -0000	1.2
+++ submit.html	22 Sep 2005 17:52:57 -0000	1.2.6.1
@@ -28,6 +28,15 @@
 
 @_LEFTONLY_TOP_@
 
+[if cgi product]
+[perl tables=products]
+	## Set the subject if coming from product page
+	my $desc = tag_data('products', $Config->{DescriptionField}, $Session->{arg});
+	$CGI->{subject} = $desc;
+	return;
+[/perl]
+[/if]
+
 [perl tables="forum"]
 #code	parent	artid	mod_time	created	username	host	score	lastscore	reason	anon	extended	subject	comment
 	sub scrub {
@@ -39,13 +48,16 @@
 		my $noscrub;
 		if(! $type) {
 			# do nothing
+			$value =~ s/\[/[/g;
 		}
 		elsif($type eq '2') {
 			$value = $Tag->filter('text2html', $value);
+			$value =~ s/\[/[/g;
 		}
 		elsif($type eq '4') {
 			unless ($value =~ m{</\s*xmp\s*>}i) {
 				$noscrub = 1;
+				$value =~ s/\[//g;
 				$value = "<XMP>$value</XMP>";
 			}
 		}
@@ -54,6 +66,10 @@
 			unless $noscrub;
 		return $value;
 	}
+	if($CGI->{product}) {
+		$Session->{forum_start} ||= {};
+		$Session->{forum_start}{$CGI->{product}} = 1;
+	}
 	return;
 [/perl]
 
@@ -64,8 +80,10 @@
 	<table>
 	<tr>
 	<td bgcolor="#eeeeee">
-	<B>[cgi name=subject filter=restrict_html]<br>
-	by [either][value fname][or]Shrinking Violet[/either] on [convert-date fmt="%A, %B %e, %Y @%H:%M"][/convert-date]<B>
+	[restrict enable=cgi]
+	<B>[cgi name=subject filter="restrict_html"]<br>
+	[/restrict]
+	by [either][value fname][or]Guest user[/either] on [convert-date fmt="%A, %B %e, %Y @%H:%M"][/convert-date]<B>
 	</td>
 	</tr>
 	<tr>
@@ -102,7 +120,7 @@
 	my $db = $Db{forum}
 		or return "Database error.";
 	$v{host} = $Session->{host};
-	$v{score} = 0;
+	$v{score} = 1;
 	my $noscrub;
 	if(! $CGI->{commtype}) {
 		# do nothing
@@ -123,11 +141,29 @@
 	$v{mod_time} =
 	$v{created} =  $Tag->time( { body => "%Y-%m-%d %H:%M:%S" });
 	$v{subject} =  $Tag->filter('encode_entities', $CGI->{subject}, 'subject');
-	$v{artid}  =  '0';
-	$v{parent} =  '0';
-	$Scratch->{tmp_code} = $db->set_slice(undef, [ keys %v ], [values %v])
+	$v{artid}  =  $CGI->{artid} || 0;
+
+	my $code;
+
+	if($CGI->{parent}) {
+		my $existing = $db->query("select * from forum where parent = '$CGI->{parent}'");
+		if($existing and ! @$existing) {
+			$v{artid} = $CGI->{parent};
+			$code = $CGI->{parent};
+			$v{parent} = 0;
+		}
+		else {
+			$v{parent} =  $CGI->{parent};
+		}
+	}
+	$Scratch->{tmp_code} = $db->set_slice($code, \%v)
 		or return "Error submitting reply!";
 	$Scratch->{tmp_code} =~ s/'//g;
+
+	unless ($code) {
+		$Scratch->{tmp_code} = $v{parent};
+	}
+
 	## This is special processing only if there is a submission email address
 	## is found
 	if($Variable->{FORUM_SUBMIT_EMAIL}) {
@@ -174,11 +210,14 @@
 	return;
 [/perl]
 
-	[if scratch tmp_code]
-		Your story has been submitted. You will receive a response when it
-		is handled. For questions, contact <A HREF="mailto:webmaster at perusion.com">webmaster at perusion.com</A>
-		<P>
-		[page index]Return to the Intranet home</A>
+	[if cgi parent]
+		Your comment has been submitted.
+		[if type=data term="products::sku::[cgi parent]"]
+		 [page href="[cgi parent]"]Return to product</a>.
+		[else]
+		 [page href="forum/display" arg="[cgi parent]"]See in context.
+		[/else]
+		[/if]
 	[/if]
 [else]
 	[include include/forum/submit_form]



No                   revision



No                   revision



2.79.2.3  +7 -7      interchange/scripts/interchange.PL


rev 2.79.2.3, prev_rev 2.79.2.2
Index: interchange.PL
===================================================================
RCS file: /var/cvs/interchange/scripts/interchange.PL,v
retrieving revision 2.79.2.2
retrieving revision 2.79.2.3
diff -u -r2.79.2.2 -r2.79.2.3
--- interchange.PL	5 May 2004 13:20:02 -0000	2.79.2.2
+++ interchange.PL	22 Sep 2005 17:52:57 -0000	2.79.2.3
@@ -1,11 +1,11 @@
 #!/usr/bin/perl
 ##!~_~perlpath~_~
 #
-# Interchange version 5.2.0
+# Interchange version 5.2.1
 #
-# $Id: interchange.PL,v 2.79.2.2 2004/05/05 13:20:02 jon Exp $
+# $Id: interchange.PL,v 2.79.2.3 2005/09/22 17:52:57 mheins Exp $
 #
-# Copyright (C) 2002-2004 Interchange Development Group
+# Copyright (C) 2002-2005 Interchange Development Group
 # Copyright (C) 1996-2002 Red Hat, Inc.
 # http://www.icdevgroup.org/
 #
@@ -140,7 +140,7 @@
 require Exporter;
 
 BEGIN {
-	$VERSION = '5.2.0';
+	$VERSION = '5.2.1';
 
 	unless ($] >= 5.006) {
 		die "Interchange $VERSION requires Perl 5.6.0 or later,\nbut you're trying to run it under Perl $]. Exiting.\n";
@@ -341,7 +341,7 @@
 }
 
 sub version {
-	print "Interchange version $VERSION copyright 2002-2004 Interchange Development Group and others.\n";
+	print "Interchange version $VERSION copyright 2002-2005 Interchange Development Group and others.\n";
 }
 
 =head1 NAME
@@ -354,7 +354,7 @@
 
 =head1 VERSION
 
-5.2.0
+5.2.1
 
 =head1 DESCRIPTION
 
@@ -960,7 +960,7 @@
 
 =head1 COPYRIGHT
 
-Copyright (C) 2002-2004 Interchange Development Group
+Copyright (C) 2002-2005 Interchange Development Group
 Copyright (C) 1995-2002 Red Hat, Inc.
 All rights reserved except those granted in the license.
 








More information about the interchange-cvs mailing list