|
|
|
Choosing A Webhost: |
mantisbt/core constant_inc.php,1.52,1.52.4.1 filter_api.php,1.122.2.2.2.2,1: msg#00023bug-tracking.mantis.cvs
Update of /cvsroot/mantisbt/mantisbt/core In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18007/core Modified Files: Tag: BRANCH_1_0_0rc3 constant_inc.php filter_api.php Log Message: fix for 0006489: Port Injection Vulnerabilities in Filters (TKADV2005-11-002) Index: constant_inc.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/constant_inc.php,v retrieving revision 1.52 retrieving revision 1.52.4.1 diff -u -d -r1.52 -r1.52.4.1 --- constant_inc.php 4 Aug 2005 19:54:03 -0000 1.52 +++ constant_inc.php 12 Dec 2005 02:46:19 -0000 1.52.4.1 @@ -306,8 +306,8 @@ # Meta filter values define( 'META_FILTER_MYSELF', -1 ); - define( 'META_FILTER_NONE', '[none]' ); - define( 'META_FILTER_ANY', '[any]' ); + define( 'META_FILTER_NONE', -2 ); + define( 'META_FILTER_ANY', 0 ); # Versions define( 'VERSION_ALL', null ); Index: filter_api.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/filter_api.php,v retrieving revision 1.122.2.2.2.2 retrieving revision 1.122.2.2.2.3 diff -u -d -r1.122.2.2.2.2 -r1.122.2.2.2.3 --- filter_api.php 8 Dec 2005 22:28:16 -0000 1.122.2.2.2.2 +++ filter_api.php 12 Dec 2005 02:46:19 -0000 1.122.2.2.2.3 @@ -1218,13 +1218,13 @@ foreach( $t_filter['show_category'] as $t_current ) { $t_current = stripslashes( $t_current ); ?> - <input type="hidden" name="show_category[]" value="<?php echo $t_current;?>" /> + <input type="hidden" name="show_category[]" value="<?php echo string_display( $t_current );?>" /> <?php $t_this_string = ''; if ( ( $t_current == META_FILTER_ANY ) || ( is_blank( $t_current ) ) ) { $t_any_found = true; } else { - $t_this_string = $t_current; + $t_this_string = string_display( $t_current ); } if ( $t_first_flag != true ) { $t_output = $t_output . '<br />'; @@ -1466,7 +1466,7 @@ foreach( $t_filter['show_build'] as $t_current ) { $t_current = stripslashes( $t_current ); ?> - <input type="hidden" name="show_build[]" value="<?php echo $t_current;?>" /> + <input type="hidden" name="show_build[]" value="<?php echo string_display( $t_current );?>" /> <?php $t_this_string = ''; if ( ( $t_current == META_FILTER_ANY ) || ( is_blank( $t_current ) ) ) { @@ -1474,7 +1474,7 @@ } else if ( META_FILTER_NONE == $t_current ) { $t_this_string = lang_get( 'none' ); } else { - $t_this_string = $t_current; + $t_this_string = string_display( $t_current ); } if ( $t_first_flag != true ) { $t_output = $t_output . '<br />'; @@ -1503,7 +1503,7 @@ foreach( $t_filter['show_version'] as $t_current ) { $t_current = stripslashes( $t_current ); ?> - <input type="hidden" name="show_version[]" value="<?php echo $t_current;?>" /> + <input type="hidden" name="show_version[]" value="<?php echo string_display( $t_current );?>" /> <?php $t_this_string = ''; if ( ( $t_current == META_FILTER_ANY ) || ( is_blank( $t_current ) ) ) { @@ -1511,7 +1511,7 @@ } else if ( META_FILTER_NONE == $t_current ) { $t_this_string = lang_get( 'none' ); } else { - $t_this_string = $t_current; + $t_this_string = string_display( $t_current ); } if ( $t_first_flag != true ) { $t_output = $t_output . '<br />'; @@ -1539,7 +1539,7 @@ foreach( $t_filter['fixed_in_version'] as $t_current ) { $t_current = stripslashes( $t_current ); ?> - <input type="hidden" name="fixed_in_version[]" value="<?php echo $t_current;?>" /> + <input type="hidden" name="fixed_in_version[]" value="<?php echo string_display( $t_current );?>" /> <?php $t_this_string = ''; if ( ( $t_current == META_FILTER_ANY ) || ( is_blank( $t_current ) ) ) { @@ -1547,7 +1547,7 @@ } else if ( META_FILTER_NONE == $t_current ) { $t_this_string = lang_get( 'none' ); } else { - $t_this_string = $t_current; + $t_this_string = string_display( $t_current ); } if ( $t_first_flag != true ) { $t_output = $t_output . '<br />'; @@ -1641,9 +1641,9 @@ </td> <td class="small-caption" valign="top" id="view_state_filter_target"> <?php - if ( VS_PUBLIC == $t_filter['view_state'] ) { + if ( VS_PUBLIC === $t_filter['view_state'] ) { PRINT lang_get( 'public' ); - } else if ( VS_PRIVATE == $t_filter['view_state'] ) { + } else if ( VS_PRIVATE === $t_filter['view_state'] ) { PRINT lang_get( 'private' ); } else { PRINT lang_get( 'any' ); @@ -1880,7 +1880,7 @@ } else if ( META_FILTER_NONE == $t_current ) { $t_this_string = lang_get( 'none' ); } else { - $t_this_string = $t_current; + $t_this_string = string_display( $t_current ); } if ( $t_first_flag != true ) { @@ -1890,7 +1890,7 @@ } $t_output = $t_output . $t_this_string; - $t_values .= '<input type="hidden" name="custom_field_'.$t_accessible_custom_fields_ids[$i].'[]" value="'.$t_current.'" />'; + $t_values .= '<input type="hidden" name="custom_field_'.$t_accessible_custom_fields_ids[$i].'[]" value="'.string_display( $t_current ).'" />'; } } @@ -2328,6 +2328,8 @@ # Make sure that our filters are entirely correct and complete (it is possible that they are not). # We need to do this to cover cases where we don't have complete control over the filters given. function filter_ensure_valid_filter( $p_filter_arr ) { + + # extend current filter to add information passed via POST if ( !isset( $p_filter_arr['_version'] ) ) { $p_filter_arr['_version'] = config_get( 'cookie_version' ); } @@ -2353,46 +2355,6 @@ if ( !isset( $p_filter_arr['dir'] ) ) { $p_filter_arr['dir'] = "DESC"; } - #validate sorting - $t_fields = helper_call_custom_function( 'get_columns_to_view', array() ); - $t_n_fields = count( $t_fields ); - $t_shown_fields[""] = ""; - for ( $i=0; $i < $t_n_fields; $i++ ) { - if ( in_array( $t_fields[$i], array( 'selection', 'edit', 'bugnotes_count', 'attachment' ) ) ) { - unset( $t_fields[$i] ); - } - } - $t_sort_fields = split( ',', $p_filter_arr['sort'] ); - $t_dir_fields = split( ',', $p_filter_arr['dir'] ); - for ( $i=0; $i<2; $i++ ) { - if ( isset( $t_sort_fields[$i] ) ) { - $t_drop = false; - $t_sort = $t_sort_fields[$i]; - if ( strpos( $t_sort, 'custom_' ) === 0 ) { - if ( false === custom_field_get_id_from_name( substr( $t_sort, strlen( 'custom_' ) ) ) ) { - $t_drop = true; - } - } else { - if ( ! in_array( $t_sort, $t_fields ) ) { - $t_drop = true; - } - } - if ( ! in_array( $t_dir_fields[$i], array( "ASC", "DESC" ) ) ) { - $t_drop = true; - } - if ( $t_drop ) { - unset( $t_sort_fields[$i] ); - unset( $t_dir_fields[$i] ); - } - } - } - if ( count( $t_sort_fields ) > 0 ) { - $p_filter_arr['sort'] = implode( ',', $t_sort_fields ); - $p_filter_arr['dir'] = implode( ',', $t_dir_fields ); - } else { - $p_filter_arr['sort'] = "last_updated"; - $p_filter_arr['dir'] = "DESC"; - } if ( !isset( $p_filter_arr['start_month'] ) ) { $p_filter_arr['start_month'] = gpc_get_string( 'start_month', date( 'm' ) ); @@ -2446,19 +2408,60 @@ } } + #validate sorting + $t_fields = helper_call_custom_function( 'get_columns_to_view', array() ); + $t_n_fields = count( $t_fields ); + for ( $i=0; $i < $t_n_fields; $i++ ) { + if ( in_array( $t_fields[$i], array( 'selection', 'edit', 'bugnotes_count', 'attachment' ) ) ) { + unset( $t_fields[$i] ); + } + } + $t_sort_fields = split( ',', $p_filter_arr['sort'] ); + $t_dir_fields = split( ',', $p_filter_arr['dir'] ); + for ( $i=0; $i<2; $i++ ) { + if ( isset( $t_sort_fields[$i] ) ) { + $t_drop = false; + $t_sort = $t_sort_fields[$i]; + if ( strpos( $t_sort, 'custom_' ) === 0 ) { + if ( false === custom_field_get_id_from_name( substr( $t_sort, strlen( 'custom_' ) ) ) ) { + $t_drop = true; + } + } else { + if ( ! in_array( $t_sort, $t_fields ) ) { + $t_drop = true; + } + } + if ( ! in_array( $t_dir_fields[$i], array( "ASC", "DESC" ) ) ) { + $t_drop = true; + } + if ( $t_drop ) { + unset( $t_sort_fields[$i] ); + unset( $t_dir_fields[$i] ); + } + } + } + if ( count( $t_sort_fields ) > 0 ) { + $p_filter_arr['sort'] = implode( ',', $t_sort_fields ); + $p_filter_arr['dir'] = implode( ',', $t_dir_fields ); + } else { + $p_filter_arr['sort'] = "last_updated"; + $p_filter_arr['dir'] = "DESC"; + } + + # validate or filter junk from other fields $t_multi_select_list = array( 'show_category' => 'string', - 'show_severity' => 'string', - 'show_status' => 'string', - 'reporter_id' => 'string', - 'handler_id' => 'string', - 'show_resolution' => 'string', - 'show_priority' => 'string', + 'show_severity' => 'int', + 'show_status' => 'int', + 'reporter_id' => 'int', + 'handler_id' => 'int', + 'show_resolution' => 'int', + 'show_priority' => 'int', 'show_build' => 'string', 'show_version' => 'string', - 'hide_status' => 'string', + 'hide_status' => 'int', 'fixed_in_version' => 'string', - 'user_monitor' => 'string', - 'show_profile' => 'string' + 'user_monitor' => 'int', + 'show_profile' => 'int' ); foreach( $t_multi_select_list as $t_multi_field_name => $t_multi_field_type ) { if ( !isset( $p_filter_arr[$t_multi_field_name] ) ) { @@ -2476,10 +2479,12 @@ $t_checked_array = array(); foreach ( $p_filter_arr[$t_multi_field_name] as $t_filter_value ) { $t_filter_value = stripslashes( $t_filter_value ); - if ( ( 5 <= $t_cookie_vers ) && ( ( $t_filter_value == 'any' ) || ( is_numeric($t_filter_value) && $t_filter_value == 0 ) ) ) { + if ( ( 5 <= $t_cookie_vers ) && + ( ( $t_filter_value === 'any' ) || ( $t_filter_value === '[any]' ) ) ) { $t_filter_value = META_FILTER_ANY; } - if ( ( 5 <= $t_cookie_vers ) && ( $t_filter_value == 'none' ) ) { + if ( ( 5 <= $t_cookie_vers ) && + ( ( $t_filter_value === 'none' ) || ( $t_filter_value === '[none]' ) ) ) { $t_filter_value = META_FILTER_NONE; } if ( 'string' == $t_multi_field_type ) { @@ -2497,7 +2502,7 @@ if ( is_array( $t_custom_fields ) && ( sizeof( $t_custom_fields ) > 0 ) ) { foreach( $t_custom_fields as $t_cfid ) { if ( !isset( $p_filter_arr['custom_fields'][$t_cfid] ) ) { - $p_filter_arr['custom_fields'][$t_cfid] = array( "[any]" ); + $p_filter_arr['custom_fields'][$t_cfid] = array( META_FILTER_ANY ); } else { if ( !is_array( $p_filter_arr['custom_fields'][$t_cfid] ) ) { $p_filter_arr['custom_fields'][$t_cfid] = array( $p_filter_arr['custom_fields'][$t_cfid] ); @@ -2505,7 +2510,7 @@ $t_checked_array = array(); foreach ( $p_filter_arr['custom_fields'][$t_cfid] as $t_filter_value ) { $t_filter_value = stripslashes( $t_filter_value ); - if ( ( 5 == $t_cookie_vers ) && ( $t_filter_value == 'any' ) ) { + if ( ( 5 == $t_cookie_vers ) && ( ( $t_filter_value === 'any' ) || ( $t_filter_value === '[any]' ) ) ) { $t_filter_value = META_FILTER_ANY; } $t_checked_array[] = db_prepare_string( $t_filter_value ); ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
|
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | mantisbt/core filter_api.php,1.127,1.128, Glenn Henshaw |
|---|---|
| Next by Date: | mantisbt/core constant_inc.php,1.52,1.53 filter_api.php,1.128,1.129, Glenn Henshaw |
| Previous by Thread: | mantisbt/core filter_api.php,1.127,1.128, Glenn Henshaw |
| Next by Thread: | mantisbt/core constant_inc.php,1.52,1.53 filter_api.php,1.128,1.129, Glenn Henshaw |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
Free MagazinesCisco NewsReceive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business. subscribe Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field. subscribe The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business. subscribe Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company. subscribe Total Telecom Total Telecom is "The Economist of the communications industry". subscribe |
Home
| advertise | OSDir is
an inevitable website. 
|
