[arch-commits] Commit in mantisbt/repos/community-any (9 files)

Maxime Gauduin alucryd at archlinux.org
Mon Dec 8 08:33:33 UTC 2014


    Date: Monday, December 8, 2014 @ 09:33:32
  Author: alucryd
Revision: 123624

archrelease: copy trunk to community-any

Added:
  mantisbt/repos/community-any/PKGBUILD
    (from rev 123623, mantisbt/trunk/PKGBUILD)
  mantisbt/repos/community-any/mantisbt.install
    (from rev 123623, mantisbt/trunk/mantisbt.install)
Deleted:
  mantisbt/repos/community-any/CVE-2014-7146.patch
  mantisbt/repos/community-any/CVE-2014-8554.patch
  mantisbt/repos/community-any/CVE-2014-8598.patch
  mantisbt/repos/community-any/CVE-2014-9089.patch
  mantisbt/repos/community-any/PKGBUILD
  mantisbt/repos/community-any/fix-17742.patch
  mantisbt/repos/community-any/fix-17870.patch

---------------------+
 CVE-2014-7146.patch |   65 ----------------
 CVE-2014-8554.patch |   35 --------
 CVE-2014-8598.patch |  203 --------------------------------------------------
 CVE-2014-9089.patch |   35 --------
 PKGBUILD            |  107 ++++++++++----------------
 fix-17742.patch     |   31 -------
 fix-17870.patch     |   24 -----
 mantisbt.install    |   17 ++++
 8 files changed, 59 insertions(+), 458 deletions(-)

Deleted: CVE-2014-7146.patch
===================================================================
--- CVE-2014-7146.patch	2014-12-08 08:32:49 UTC (rev 123623)
+++ CVE-2014-7146.patch	2014-12-08 08:33:32 UTC (rev 123624)
@@ -1,65 +0,0 @@
-From bed19db954359043515300c995ebc40ebb97265a Mon Sep 17 00:00:00 2001
-From: Damien Regad <dregad at mantisbt.org>
-Date: Sat, 1 Nov 2014 19:45:47 +0100
-Subject: [PATCH] XML Import: Fix php code injection vulnerability
-
-Egidio Romano discovered a vulnerability in the XML import plugin.
-
-User input passed through the "description" field (and the "issuelink"
-attribute) of the uploaded XML file isn't properly sanitized before
-being used in a call to the preg_replace() function which uses the 'e'
-modifier. This can be exploited to inject and execute arbitrary PHP code
-when the Import/Export plugin is installed.
-
-This fix is a partial backport from a master branch commit which has
-been confirmed as addressing the issue (84017535f8718685d755d58af7a39d80f52ffca8)
-excluding changes not relevant to fixing the security issue, including
-subsequent fixes (aea1a348043979e75a6cc021e4a0a7f8d3bb7211,
-4350b4d4f0ee4fba423edcae1cd2117dc1e2d63b).
-
-Fixes #17725 (CVE-2014-7146)
----
- plugins/XmlImportExport/ImportXml.php | 29 ++++++++++++++++++++---------
- 1 file changed, 20 insertions(+), 9 deletions(-)
-
-diff --git a/plugins/XmlImportExport/ImportXml.php b/plugins/XmlImportExport/ImportXml.php
-index 590f898..09ccc8d 100644
---- a/plugins/XmlImportExport/ImportXml.php
-+++ b/plugins/XmlImportExport/ImportXml.php
-@@ -102,16 +102,27 @@ public function import( ) {
- 
- 		echo " Done\n";
- 
--		$importedIssues = $this->itemsMap_->getall( 'issue' );
--		printf( "Processing cross-references for %s issues...", count( $importedIssues ) );
--		foreach( $importedIssues as $oldId => $newId ) {
--			$bugData = bug_get( $newId, true );
--
--			$bugLinkRegexp = '/(^|[^\w])(' . preg_quote( $this->source_->issuelink, '/' ) . ')(\d+)\b/e';
--			$replacement = '"\\1" . $this->getReplacementString( "\\2", "\\3" )';
-+		# replace bug references
-+		$t_imported_issues = $this->itemsMap_->getall( 'issue' );
-+		printf( 'Processing cross-references for %s issues...', count( $t_imported_issues ) );
-+		foreach( $t_imported_issues as $t_old_id => $t_new_id ) {
-+			$t_bug = bug_get( $t_new_id, true );
-+			$t_content_replaced = false;
-+			$t_bug_link_regexp = '/(^|[^\w])(' . preg_quote( $this->source_->issuelink, '/' ) . ')(\d+)\b/';
-+
-+			# replace links in description
-+			preg_match_all( $t_bug_link_regexp, $t_bug->description, $t_matches );
-+			if( is_array( $t_matches[3] ) && count( $t_matches[3] ) > 0 ) {
-+				$t_content_replaced = true;
-+				foreach ( $t_matches[3] as $t_old_id2 ) {
-+					$t_bug->description = str_replace( $this->source_->issuelink . $t_old_id2, $this->getReplacementString( $this->source_->issuelink, $t_old_id2 ), $t_bug->description );
-+				}
-+			}
- 
--			$bugData->description = preg_replace( $bugLinkRegexp, $replacement, $bugData->description );
--			$bugData->update( true, true );
-+			if( $t_content_replaced ) {
-+				# only update bug if necessary (otherwise last update date would be unnecessarily overwritten)
-+				$t_bug->update( true );
-+			}
- 		}
- 		echo " Done\n";
- 	}

Deleted: CVE-2014-8554.patch
===================================================================
--- CVE-2014-8554.patch	2014-12-08 08:32:49 UTC (rev 123623)
+++ CVE-2014-8554.patch	2014-12-08 08:33:32 UTC (rev 123624)
@@ -1,35 +0,0 @@
-From 99ffb0afaff3409d0eaec78ac963214da0d2a079 Mon Sep 17 00:00:00 2001
-From: Damien Regad <dregad at mantisbt.org>
-Date: Thu, 30 Oct 2014 15:31:36 +0100
-Subject: [PATCH] SQL injection in mc_project_get_attachments()
-
-This is a follow-up on CVE-2014-1609 / issue #16880.
-
-Edwin Gozeling and Wim Visser from ITsec Security Services BV
-(http://www.itsec.nl) discovered that the fix in #16880 did not fully
-address the problem. Their research demonstrate that using a specially
-crafted project id parameter, an attacker could still perform an SQL
-injection.
-
-The same issue was also reported by Paul Richards in issue #17823.
-
-This patch fixes the problem by typecasting the Project ID parameter
-to Integer.
-
-Fixes #17812, CVE-2014-8554
----
- api/soap/mc_project_api.php | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/api/soap/mc_project_api.php b/api/soap/mc_project_api.php
-index 8e6aae9..fe57b7b 100644
---- a/api/soap/mc_project_api.php
-+++ b/api/soap/mc_project_api.php
-@@ -655,6 +655,7 @@ function mc_project_get_attachments( $p_username, $p_password, $p_project_id ) {
- 		return mci_soap_fault_login_failed();
- 	}
- 
-+	$p_project_id = (int)$p_project_id;
- 	$g_project_override = $p_project_id;
- 
- 	# Check if project documentation feature is enabled.

Deleted: CVE-2014-8598.patch
===================================================================
--- CVE-2014-8598.patch	2014-12-08 08:32:49 UTC (rev 123623)
+++ CVE-2014-8598.patch	2014-12-08 08:33:32 UTC (rev 123624)
@@ -1,203 +0,0 @@
-From 80a15487cda89afb00ce866da8e24d76808dcdb4 Mon Sep 17 00:00:00 2001
-From: Damien Regad <dregad at mantisbt.org>
-Date: Fri, 17 Oct 2014 17:21:25 +0200
-Subject: [PATCH] XML plugin: Add config page with access thresholds
-
-Prior to this, any user of a MantisBT instance with the XML
-Import/Export plugin enabled and knowing the URL to the plugin's import
-page could upload an XML file and insert data without restriction,
-regardless of their access level.
-
-This vulnerability is particularly dangerous when used in combination
-with the one described in issue #17725 (CVE-2014-7146) as it makes for a
-very simple and easily accessible vector for PHP code injection attacks.
-
-There was also no access check when exporting data, which could allow an
-attacker to gain access to confidential information (disclosure of all
-bug-related data, including usernames).
-
-Fixes #17780 (CVE-2014-8598)
----
- plugins/XmlImportExport/XmlImportExport.php      | 16 +++++++-
- plugins/XmlImportExport/lang/strings_english.txt |  7 ++++
- plugins/XmlImportExport/pages/config.php         | 27 +++++++++++++
- plugins/XmlImportExport/pages/config_page.php    | 48 ++++++++++++++++++++++++
- plugins/XmlImportExport/pages/export.php         |  2 +
- plugins/XmlImportExport/pages/import.php         |  2 +
- 6 files changed, 101 insertions(+), 1 deletion(-)
- create mode 100644 plugins/XmlImportExport/pages/config.php
- create mode 100644 plugins/XmlImportExport/pages/config_page.php
-
-diff --git a/plugins/XmlImportExport/XmlImportExport.php b/plugins/XmlImportExport/XmlImportExport.php
-index 63e254e..20ea3c2 100644
---- a/plugins/XmlImportExport/XmlImportExport.php
-+++ b/plugins/XmlImportExport/XmlImportExport.php
-@@ -39,7 +39,7 @@ class XmlImportExportPlugin extends MantisPlugin {
- 	function register( ) {
- 		$this->name = plugin_lang_get( 'title' );
- 		$this->description = plugin_lang_get( 'description' );
--		$this->page = '';
-+		$this->page = "config_page";
- 
- 		$this->version = '1.0';
- 		$this->requires = array(
-@@ -54,6 +54,17 @@ function register( ) {
- 	/**
- 	 * Default plugin configuration.
- 	 */
-+	public function config() {
-+		return array(
-+			"import_threshold" => ADMINISTRATOR,
-+			"export_threshold" => DEVELOPER,
-+		);
-+	}
-+
-+	/**
-+	 * Plugin hooks
-+	 * @return array
-+	 */
- 	function hooks( ) {
- 		$hooks = array(
- 			'EVENT_MENU_MANAGE' => 'import_issues_menu',
-@@ -67,6 +78,9 @@ function import_issues_menu( ) {
- 	}
- 
- 	function export_issues_menu( ) {
-+		if( !access_has_project_level( plugin_config_get( 'export_threshold' ) ) ) {
-+			return array();
-+		}
- 		return array( '<a href="' . plugin_page( 'export' ) . '">' . plugin_lang_get( 'export' ) . '</a>', );
- 	}
- 
-diff --git a/plugins/XmlImportExport/lang/strings_english.txt b/plugins/XmlImportExport/lang/strings_english.txt
-index 775ad76..e595228 100644
---- a/plugins/XmlImportExport/lang/strings_english.txt
-+++ b/plugins/XmlImportExport/lang/strings_english.txt
-@@ -35,7 +35,14 @@ $s_plugin_XmlImportExport_description = 'Adds XML based import and export capabi
- $s_plugin_XmlImportExport_import = 'Import issues';
- $s_plugin_XmlImportExport_export = 'XML Export';
- 
-+$s_plugin_XmlImportExport_config_title = 'XML Import/Export Access Levels Configuration';
-+$s_plugin_XmlImportExport_import_threshold = 'Import issues';
-+$s_plugin_XmlImportExport_export_threshold = 'Export issues';
-+
-+$s_plugin_XmlImportExport_action_update = 'Update';
-+
- $s_plugin_XmlImportExport_importing_in_project = 'Importing issues in project:';
-+
- $s_plugin_XmlImportExport_import_options = 'Import options';
- 
- $s_plugin_XmlImportExport_cross_references = 'Cross references';
-diff --git a/plugins/XmlImportExport/pages/config.php b/plugins/XmlImportExport/pages/config.php
-new file mode 100644
-index 0000000..19587c8
---- /dev/null
-+++ b/plugins/XmlImportExport/pages/config.php
-@@ -0,0 +1,27 @@
-+<?php
-+# Copyright (c) 2014  MantisBT Team - mantisbt-dev at lists.sourceforge.net
-+# Licensed under the MIT license
-+
-+form_security_validate( 'plugin_XmlImportExport_config' );
-+access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );
-+
-+/**
-+ * Sets plugin config option if value is different from current/default
-+ * @param string $p_name  option name
-+ * @param string $p_value value to set
-+ * @return void
-+ */
-+function config_set_if_needed( $p_name, $p_value ) {
-+	if ( $p_value != plugin_config_get( $p_name ) ) {
-+		plugin_config_set( $p_name, $p_value );
-+	}
-+}
-+
-+$t_redirect_url = plugin_page( 'config_page', true );
-+
-+config_set_if_needed( 'import_threshold' , gpc_get_int( 'import_threshold' ) );
-+config_set_if_needed( 'export_threshold' , gpc_get_int( 'export_threshold' ) );
-+
-+form_security_purge( 'plugin_XmlImportExport_config' );
-+
-+print_successful_redirect( $t_redirect_url );
-diff --git a/plugins/XmlImportExport/pages/config_page.php b/plugins/XmlImportExport/pages/config_page.php
-new file mode 100644
-index 0000000..7c678af
---- /dev/null
-+++ b/plugins/XmlImportExport/pages/config_page.php
-@@ -0,0 +1,48 @@
-+<?php
-+# Copyright (c) 2014  MantisBT Team - mantisbt-dev at lists.sourceforge.net
-+# Licensed under the MIT license
-+
-+access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );
-+
-+html_page_top();
-+//print_manage_menu();
-+?>
-+
-+<br />
-+<form action="<?php echo plugin_page( 'config' ) ?>" method="post">
-+<?php echo form_security_field( 'plugin_XmlImportExport_config' ) ?>
-+<table class="width60" align="center">
-+
-+<tr>
-+<td class="form-title" colspan="2"><?php echo plugin_lang_get("config_title") ?></td>
-+</tr>
-+
-+<tr <?php echo helper_alternate_class() ?>>
-+<td class="category"><?php echo plugin_lang_get( 'import_threshold' ) ?></td>
-+<td><select name="import_threshold"><?php
-+	print_enum_string_option_list(
-+		'access_levels',
-+		plugin_config_get( 'import_threshold' )
-+	);
-+	?></select></td>
-+</tr>
-+
-+<tr <?php echo helper_alternate_class() ?>>
-+<td class="category"><?php echo plugin_lang_get( 'export_threshold' ) ?></td>
-+<td><select name="export_threshold"><?php
-+	print_enum_string_option_list(
-+		'access_levels',
-+		plugin_config_get( 'export_threshold' )
-+	);
-+	?></select></td>
-+</tr>
-+
-+<tr>
-+<td class="center" colspan="2"><input type="submit" value="<?php echo plugin_lang_get("action_update") ?>"/></td>
-+</tr>
-+
-+</table>
-+</form>
-+
-+<?php
-+html_page_bottom();
-diff --git a/plugins/XmlImportExport/pages/export.php b/plugins/XmlImportExport/pages/export.php
-index 061b135..aac3bbf 100644
---- a/plugins/XmlImportExport/pages/export.php
-+++ b/plugins/XmlImportExport/pages/export.php
-@@ -20,6 +20,8 @@
- 
- require_once( 'core.php' );
- 
-+access_ensure_project_level( plugin_config_get( 'export_threshold' ) );
-+
- auth_ensure_user_authenticated( );
- helper_begin_long_process( );
- 
-diff --git a/plugins/XmlImportExport/pages/import.php b/plugins/XmlImportExport/pages/import.php
-index cd7721f..6740727 100644
---- a/plugins/XmlImportExport/pages/import.php
-+++ b/plugins/XmlImportExport/pages/import.php
-@@ -14,6 +14,8 @@
- # You should have received a copy of the GNU General Public License
- # along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
- 
-+access_ensure_project_level( plugin_config_get( 'import_threshold' ) );
-+
- auth_reauthenticate( );
- 
- html_page_top( plugin_lang_get( 'import' ) );

Deleted: CVE-2014-9089.patch
===================================================================
--- CVE-2014-9089.patch	2014-12-08 08:32:49 UTC (rev 123623)
+++ CVE-2014-9089.patch	2014-12-08 08:33:32 UTC (rev 123624)
@@ -1,35 +0,0 @@
-From b0021673ab23249244119bde3c7fcecd4daa4e7f Mon Sep 17 00:00:00 2001
-From: Victor Boctor <victor at mantishub.net>
-Date: Mon, 24 Nov 2014 20:54:51 -0800
-Subject: [PATCH] Improve validation for filter sort and direction
-
-Fixes #17841
----
- core/filter_api.php | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/core/filter_api.php b/core/filter_api.php
-index 7ec33d7..0667996 100644
---- a/core/filter_api.php
-+++ b/core/filter_api.php
-@@ -606,8 +606,20 @@ function filter_ensure_valid_filter( $p_filter_arr ) {
- 			unset( $t_fields[$i] );
- 		}
- 	}
-+
-+	# Make sure array is no longer than 2 elements
- 	$t_sort_fields = explode( ',', $p_filter_arr['sort'] );
-+	if( count( $t_sort_fields ) > 2 ) {
-+		$t_sort_fields = array_slice( $t_sort_fields, 0, 2 );
-+	}
-+
-+	# Make sure array is no longer than 2 elements
- 	$t_dir_fields = explode( ',', $p_filter_arr['dir'] );
-+	if( count( $t_dir_fields ) > 2 ) {
-+		$t_dir_fields = array_slice( $t_dir_fields, 0, 2 );
-+	}
-+
-+	# Validate the max of two segments for $t_sort_fields and $t_dir_fields
- 	for( $i = 0;$i < 2;$i++ ) {
- 		if( isset( $t_sort_fields[$i] ) ) {
- 			$t_drop = false;

Deleted: PKGBUILD
===================================================================
--- PKGBUILD	2014-12-08 08:32:49 UTC (rev 123623)
+++ PKGBUILD	2014-12-08 08:33:32 UTC (rev 123624)
@@ -1,65 +0,0 @@
-# $Id: PKGBUILD 123316 2014-12-01 09:07:07Z alucryd $
-# Maintainer: Maxime Gauduin <alucryd at archlinux.org>
-# Contributor: Alexander 'gridcol' Griesbaum <agrsbm at gmail.com>
-# Contributor: Ravenman <correo.cuervo at gmail.com>
-# Contributor: Anton Bazhenov <anton.bazhenov at gmail>
-# Contributor: Angel 'angvp' Velasquez <angvp at archlinux.com.ve>
-
-pkgname=mantisbt
-pkgver=1.2.17
-pkgrel=5
-pkgdesc='Web-based issue tracking system'
-arch=('any')
-url='http://www.mantisbt.org/'
-license=('GPL')
-depends=('php')
-optdepends=('apache: Web server to run MantisBT'
-            'curl: Twitter integration'
-            'gd: Graphs support'
-            'lighttpd: Web server to run MantisBT'
-            'mariadb: SQL database'
-            'nginx: Web server to run MantisBT'
-            'php-pgsql: PostgreSQL database')
-backup=('etc/webapps/mantisbt/config_inc.php')
-install='mantisbt.install'
-source=("http://downloads.sourceforge.net/mantisbt/mantisbt-${pkgver}.tar.gz"
-        'CVE-2014-7146.patch'
-        'CVE-2014-8554.patch'
-        'CVE-2014-8598.patch'
-        'CVE-2014-9089.patch'
-        'fix-17742.patch'
-        'fix-17870.patch')
-sha256sums=('4305295a1d3910516b6fa238e03e710c0bb5b30a01b3a908865799096207b243'
-            '5660d838efa89f5cc391df902979faa024a26faa698ab0845a458bf3a5fdcd08'
-            '3183477bcc3b69fc969b9d9502070816b2f8bd1ec387d02805b1bd901b471908'
-            '3bfb9a6e118678f80a244ca13f527d5589da094491e910d95c53dd5c10d048ed'
-            '6ecb79495337243971945e95c7c1ed4264ed17b49d1fdc256fb3406f793d56a5'
-            'b04ad80fe28ee8b247ec61433c6515e40ef6a4ca50f4aab039242858100efcca'
-            '9f879930bfe31baf7b8449de65123c96db5444187bc637bb45af57fc290bb7fc')
-
-prepare() {
-  cd mantisbt-${pkgver}
-
-  patch -Np1 -i ../CVE-2014-7146.patch
-  patch -Np1 -i ../CVE-2014-8554.patch
-  patch -Np1 -i ../CVE-2014-8598.patch
-  patch -Np1 -i ../CVE-2014-9089.patch
-  patch -Np1 -i ../fix-17742.patch
-  patch -Np1 -i ../fix-17870.patch
-}
-
-package() {
-  install -dm 755 "${pkgdir}"/{etc/webapps/mantisbt,usr/share/webapps}
-  cp -dr --no-preserve='ownership' mantisbt-${pkgver} "${pkgdir}"/usr/share/webapps/mantisbt
-
-  for f in {config_inc.php,custom_strings_inc.php,custom_constants_inc.php,custom_functions_inc.php}; do
-    ln -s /etc/webapps/mantisbt/${f} "${pkgdir}"/usr/share/webapps/mantisbt/
-  done
-  cp "${pkgdir}"/usr/share/webapps/mantisbt/config_inc.php.sample "${pkgdir}"/etc/webapps/mantisbt/config_inc.php
-
-  find "${pkgdir}" -type d -exec chmod 755 {} +
-  find "${pkgdir}" -type f -exec chmod 644 {} +
-  chown http:http -R "${pkgdir}"/usr/share/webapps/mantisbt
-}
-
-# vim: ts=2 sw=2 et:

Copied: mantisbt/repos/community-any/PKGBUILD (from rev 123623, mantisbt/trunk/PKGBUILD)
===================================================================
--- PKGBUILD	                        (rev 0)
+++ PKGBUILD	2014-12-08 08:33:32 UTC (rev 123624)
@@ -0,0 +1,42 @@
+# $Id$
+# Maintainer: Maxime Gauduin <alucryd at archlinux.org>
+# Contributor: Alexander 'gridcol' Griesbaum <agrsbm at gmail.com>
+# Contributor: Ravenman <correo.cuervo at gmail.com>
+# Contributor: Anton Bazhenov <anton.bazhenov at gmail>
+# Contributor: Angel 'angvp' Velasquez <angvp at archlinux.com.ve>
+
+pkgname=mantisbt
+pkgver=1.2.18
+pkgrel=1
+pkgdesc='Web-based issue tracking system'
+arch=('any')
+url='http://www.mantisbt.org/'
+license=('GPL')
+depends=('php')
+optdepends=('apache: Web server to run MantisBT'
+            'curl: Twitter integration'
+            'gd: Graphs support'
+            'lighttpd: Web server to run MantisBT'
+            'mariadb: SQL database'
+            'nginx: Web server to run MantisBT'
+            'php-pgsql: PostgreSQL database')
+backup=('etc/webapps/mantisbt/config_inc.php')
+install='mantisbt.install'
+source=("http://downloads.sourceforge.net/mantisbt/mantisbt-${pkgver}.tar.gz")
+sha256sums=('80d2787cbedcb3ca1c724a6c5b33d4d66046ce8f991da82e91a09c4b00ddb93d')
+
+package() {
+  install -dm 755 "${pkgdir}"/{etc/webapps/mantisbt,usr/share/webapps}
+  cp -dr --no-preserve='ownership' mantisbt-${pkgver} "${pkgdir}"/usr/share/webapps/mantisbt
+
+  for f in {config_inc.php,custom_strings_inc.php,custom_constants_inc.php,custom_functions_inc.php}; do
+    ln -s /etc/webapps/mantisbt/${f} "${pkgdir}"/usr/share/webapps/mantisbt/
+  done
+  cp "${pkgdir}"/usr/share/webapps/mantisbt/config_inc.php.sample "${pkgdir}"/etc/webapps/mantisbt/config_inc.php
+
+  find "${pkgdir}" -type d -exec chmod 755 {} +
+  find "${pkgdir}" -type f -exec chmod 644 {} +
+  chown http:http -R "${pkgdir}"/usr/share/webapps/mantisbt
+}
+
+# vim: ts=2 sw=2 et:
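Review bot: The `chown http:http -R "${pkgdir}"/usr/share/webapps/mantisbt` near the end of `package()` hands the whole application tree to the web-server user, so any code-execution flaw in the deployed PHP (the class of issue the dropped CVE-2014-* patches addressed) would let that process rewrite its own source files and persist; the tree should stay root-owned, with only the directories MantisBT must write at runtime (which ones is not visible here) given to http. The preceding `find "${pkgdir}" -type f -exec chmod 644 {} +` also covers `etc/webapps/mantisbt/config_inc.php`, which holds the database credentials once configured, leaving it world-readable; `chown root:http "${pkgdir}"/etc/webapps/mantisbt/config_inc.php` followed by `chmod 640 "${pkgdir}"/etc/webapps/mantisbt/config_inc.php` would restrict it to the server. The PKGBUILD drops all six patches with the bump to 1.2.18 but records nowhere that they are included upstream; a comment such as `# CVE-2014-7146/8554/8598/9089 and #17742/#17870 fixed upstream in 1.2.18` above `source=` would let the next maintainer verify that rather than infer it.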

Deleted: fix-17742.patch
===================================================================
--- fix-17742.patch	2014-12-08 08:32:49 UTC (rev 123623)
+++ fix-17742.patch	2014-12-08 08:33:32 UTC (rev 123624)
@@ -1,31 +0,0 @@
-From 5f0b150b79868ea9d791e2c46b45b3f41b410e50 Mon Sep 17 00:00:00 2001
-From: Paul Richards <paul at issue-track.org>
-Date: Thu, 30 Oct 2014 23:00:01 +0000
-Subject: [PATCH] Incorrect access check on attachment downloads
-
-Even if config variables $g_download_attachments_threshold and
-$g_view_attachments_threshold are set to 55 (developer), users with
-lower privileges can download attachments.
-
-Fixes #17742
-
-Signed-off-by: Damien Regad <dregad at mantisbt.org>
----
- core/file_api.php | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/core/file_api.php b/core/file_api.php
-index 16d9dd6..2dc260b 100644
---- a/core/file_api.php
-+++ b/core/file_api.php
-@@ -120,8 +120,8 @@ function file_can_view_bug_attachments( $p_bug_id, $p_uploader_user_id = null )
- # Check if the current user can download attachments for the specified bug.
- function file_can_download_bug_attachments( $p_bug_id, $p_uploader_user_id = null ) {
- 	$t_uploaded_by_me = auth_get_current_user_id() === $p_uploader_user_id;
--	$t_can_download = access_has_bug_level( config_get( 'download_attachments_threshold' ), $p_bug_id );
--	$t_can_download = $t_can_download || ( $t_uploaded_by_me && config_get( 'allow_download_own_attachments' ) );
-+	$t_can_download = access_has_bug_level( config_get( 'download_attachments_threshold', null, null, bug_get_field( $p_bug_id, 'project_id' ) ), $p_bug_id );
-+	$t_can_download = $t_can_download || ( $t_uploaded_by_me && config_get( 'allow_download_own_attachments', null, null, bug_get_field( $p_bug_id, 'project_id' ) ) );
- 	return $t_can_download;
- }
- 

Deleted: fix-17870.patch
===================================================================
--- fix-17870.patch	2014-12-08 08:32:49 UTC (rev 123623)
+++ fix-17870.patch	2014-12-08 08:33:32 UTC (rev 123624)
@@ -1,24 +0,0 @@
-From 49c3d0893091fb1bb6b92639e59a72203be0bc4a Mon Sep 17 00:00:00 2001
-From: Damien Regad <dregad at mantisbt.org>
-Date: Fri, 14 Nov 2014 22:55:47 +0100
-Subject: [PATCH] Fix #17870: XSS in adm_config_report.php
-
-This is the correct fix for this issue, using string_attribute() to
-escape the variable. Thanks to Paul Richards for pointing this out.
----
- adm_config_report.php | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/adm_config_report.php b/adm_config_report.php
-index 79ace81..d762491 100644
---- a/adm_config_report.php
-+++ b/adm_config_report.php
-@@ -480,7 +480,7 @@ function print_option_list_from_array( $p_array, $p_filter_value ) {
- 	</td>
- 	<td>
- 		<input type="text" name="config_option"
--			value="<?php echo $t_edit_option; ?>"
-+			value="<?php echo string_attribute( $t_edit_option ); ?>"
- 			size="64" maxlength="64" />
- 	</td>
- </tr>

Copied: mantisbt/repos/community-any/mantisbt.install (from rev 123623, mantisbt/trunk/mantisbt.install)
===================================================================
--- mantisbt.install	                        (rev 0)
+++ mantisbt.install	2014-12-08 08:33:32 UTC (rev 123624)
@@ -0,0 +1,17 @@
+pre_upgrade() {
+  cd /usr/share/webapps/mantisbt
+
+  cp mantis_offline.php.sample mantis_offline.php
+}
+
+post_upgrade() {
+  cd /usr/share/webapps/mantisbt
+
+  rm mantis_offline.php
+}
+
+post_remove() {
+  rm -rf /usr/share/webapps/mantisbt
+}
+
+# vim: ts=2 sw=2 et:
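Review bot: `post_remove` runs `rm -rf /usr/share/webapps/mantisbt`, which also deletes anything pacman does not own under that tree — for example an upload folder if the instance was configured to keep attachments there — silently destroying data on package removal, where pacman alone would leave unowned files in place. Limiting the function to what this script itself creates, `rm -f /usr/share/webapps/mantisbt/mantis_offline.php`, or dropping it, avoids that. The two `cd /usr/share/webapps/mantisbt` calls in `pre_upgrade` and `post_upgrade` are unchecked, so if the directory is absent the following `cp` and `rm` act on whatever the current directory happens to be; `cd /usr/share/webapps/mantisbt || return` guards both.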


