[arch-commits] Commit in wordpress/trunk (PKGBUILD password_reset_exploit.patch)
Alexander Rødseth
arodseth at archlinux.org
Sun May 7 13:45:34 UTC 2017
Date: Sunday, May 7, 2017 @ 13:45:33
Author: arodseth
Revision: 227255
upgpkg: wordpress 4.7.4-2
Added:
wordpress/trunk/password_reset_exploit.patch
Modified:
wordpress/trunk/PKGBUILD
------------------------------+
PKGBUILD | 14 ++++++++++----
password_reset_exploit.patch | 33 +++++++++++++++++++++++++++++++++
2 files changed, 43 insertions(+), 4 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-05-07 12:23:54 UTC (rev 227254)
+++ PKGBUILD 2017-05-07 13:45:33 UTC (rev 227255)
@@ -7,7 +7,7 @@
pkgname=wordpress
pkgver=4.7.4
-pkgrel=1
+pkgrel=2
pkgdesc='Blog tool and publishing platform'
arch=('any')
url='https://wordpress.org/'
@@ -19,12 +19,18 @@
'mysql: Database server')
options=('emptydirs')
install="$pkgname.install"
-source=("https://wordpress.org/$pkgname-$pkgver.tar.gz")
-sha256sums=('c11ce7580f21dfbca70dd6f817d3376385be6d34cf4d86f233eae3acb5fd87fd')
+source=("https://wordpress.org/$pkgname-$pkgver.tar.gz" 'password_reset_exploit.patch')
+sha256sums=('c11ce7580f21dfbca70dd6f817d3376385be6d34cf4d86f233eae3acb5fd87fd'
+ '68244b5bd534b21c88dc25074bf1fbc7a26d601cee69d78a467b1287f9eb2eed')
+prepare() {
+ cd "$pkgname"
+ patch -p1 -i "$srcdir/password_reset_exploit.patch"
+}
+
package() {
install -d "$pkgdir/usr/share/webapps"
- cp -r wordpress "$pkgdir/usr/share/webapps"
+ cp -r "$pkgname" "$pkgdir/usr/share/webapps"
}
# vim:set ts=2 sw=2 et:
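Review bot: The new `prepare()` applies a distro-local patch with no comment saying what it mitigates or when it can be dropped, so a later maintainer bumping `pkgver` has no way to tell whether it is still needed. A short comment above `prepare()` would cover it, for example `# Local mitigation: build the password-reset From address from WP_HOME instead of the request's SERVER_NAME; drop once upstream ships its own fix.` Because the patched code reads `WP_HOME`, the same comment (or the package's install message) should state that `WP_HOME` has to be defined in wp-config.php for the sender address to be valid.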
Added: password_reset_exploit.patch
===================================================================
--- password_reset_exploit.patch (rev 0)
+++ password_reset_exploit.patch 2017-05-07 13:45:33 UTC (rev 227255)
@@ -0,0 +1,33 @@
+--- a/wp-includes/pluggable.php 2017-05-07 15:19:40.838218673 +0200
++++ b/wp-includes/pluggable.php 2017-05-07 15:25:35.661548515 +0200
+@@ -321,15 +321,21 @@
+ * https://core.trac.wordpress.org/ticket/5007.
+ */
+
+- if ( !isset( $from_email ) ) {
+- // Get the site domain and get rid of www.
+- $sitename = strtolower( $_SERVER['SERVER_NAME'] );
+- if ( substr( $sitename, 0, 4 ) == 'www.' ) {
+- $sitename = substr( $sitename, 4 );
+- }
+-
+- $from_email = 'wordpress@' . $sitename;
+- }
++ // Thanks simlevesque @ https://news.ycombinator.com/item?id=14265092
++ if ( !isset( $from_email ) ) {
++ // Get the site domain and get rid of www.
++ $sitename = strtolower( WP_HOME );
++ if ( substr( $sitename, 0, 7 ) == 'http://' ) {
++ $sitename = substr( $sitename, 7 );
++ }
++ if ( substr( $sitename, 0, 8 ) == 'https://' ) {
++ $sitename = substr( $sitename, 8 );
++ }
++ if ( substr( $sitename, 0, 4 ) == 'www.' ) {
++ $sitename = substr( $sitename, 4 );
++ }
++ $from_email = 'wordpress@' . $sitename;
++ }
+
+ /**
+ * Filters the email address to send from.
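Review bot: `WP_HOME` is an optional constant, so on a site whose wp-config.php does not define it the new `strtolower( WP_HOME )` line would, on PHP versions of this era, fall back to the bare constant name and yield a sender of `wordpress@wp_home`; where it is defined with a port or a path, those end up in the address as well. Taking the host from the configured site URL avoids both cases while still ignoring the request-supplied `SERVER_NAME`: `$sitename = strtolower( parse_url( home_url(), PHP_URL_HOST ) );`, after which only the `www.` strip is needed and the two scheme-prefix checks can go. This assumes `home_url()` is already loaded when this code runs, which should be confirmed against the 4.7.4 load order. The enclosing function starts and ends outside the hunk.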