rpms/mantis/FC-4 mantis-0.19.5-unreleased.patch, NONE, 1.1 mantis.spec, 1.8, 1.9

Gianluca Sforna (giallu) fedora-extras-commits at redhat.com
Fri Oct 20 23:56:51 UTC 2006


Author: giallu

Update of /cvs/extras/rpms/mantis/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32077

Modified Files:
	mantis.spec 
Added Files:
	mantis-0.19.5-unreleased.patch 
Log Message:
Add unreleased security patches from upstream CVS


mantis-0.19.5-unreleased.patch:

--- NEW FILE mantis-0.19.5-unreleased.patch ---
? mantis-0.19.5-unreleased.patch
Index: bug_view_advanced_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/bug_view_advanced_page.php,v
retrieving revision 1.67
retrieving revision 1.67.6.1
diff -u -r1.67 -r1.67.6.1
--- bug_view_advanced_page.php	25 Oct 2004 19:59:12 -0000	1.67
+++ bug_view_advanced_page.php	1 Jan 2006 04:29:49 -0000	1.67.6.1
@@ -6,7 +6,7 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Id: bug_view_advanced_page.php,v 1.67 2004/10/25 19:59:12 marcelloscata Exp $
+	# $Id: bug_view_advanced_page.php,v 1.67.6.1 2006/01/01 04:29:49 thraxisp Exp $
 	# --------------------------------------------------------
 
 	require_once( 'core.php' );
@@ -136,7 +136,7 @@
 	<!-- Category -->
 	<td>
 		<?php
-			$t_project_name = project_get_field( $t_bug->project_id, 'name' );
+			$t_project_name = string_display( project_get_field( $t_bug->project_id, 'name' ) );
 			echo "[$t_project_name] $t_bug->category";
 		?>
 	</td>
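Review bot: Only the project name is escaped on the new line, while `$t_bug->category` on the line below is still interpolated into the page raw; unless the category is already escaped when the bug object is loaded (not visible from here), it needs the same treatment, e.g. `echo '[' . $t_project_name . '] ' . string_display( $t_bug->category );`. The identical hunk in bug_view_page.php has the same gap. A short comment on the echo line naming which parts are escaped and where (`# project name and category escaped here; bug object fields are stored raw`) would make the intent checkable by the next reader.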
Index: bug_view_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/bug_view_page.php,v
retrieving revision 1.70
retrieving revision 1.70.6.1
diff -u -r1.70 -r1.70.6.1
--- bug_view_page.php	17 Oct 2004 00:14:27 -0000	1.70
+++ bug_view_page.php	1 Jan 2006 04:29:49 -0000	1.70.6.1
@@ -6,7 +6,7 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Id: bug_view_page.php,v 1.70 2004/10/17 00:14:27 thraxisp Exp $
+	# $Id: bug_view_page.php,v 1.70.6.1 2006/01/01 04:29:49 thraxisp Exp $
 	# --------------------------------------------------------
 ?>
 <?php
@@ -138,7 +138,7 @@
 	<!-- Category -->
 	<td>
 		<?php
-			$t_project_name = project_get_field( $t_bug->project_id, 'name' );
+			$t_project_name = string_display( project_get_field( $t_bug->project_id, 'name' ) );
 			echo "[$t_project_name] $t_bug->category";
 		?>
 	</td>
Index: changelog_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/changelog_page.php,v
retrieving revision 1.9
retrieving revision 1.9.6.1
diff -u -r1.9 -r1.9.6.1
--- changelog_page.php	25 Oct 2004 19:51:02 -0000	1.9
+++ changelog_page.php	1 Jan 2006 04:29:49 -0000	1.9.6.1
@@ -6,7 +6,7 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Id: changelog_page.php,v 1.9 2004/10/25 19:51:02 marcelloscata Exp $
+	# $Id: changelog_page.php,v 1.9.6.1 2006/01/01 04:29:49 thraxisp Exp $
 	# --------------------------------------------------------
 
 	require_once( 'core.php' );
@@ -21,7 +21,7 @@
 		$t_version_name = version_get_field( $p_version_id, 'version' );
 		$t_project_name = project_get_field( $t_project_id, 'name' );
 
-		$t_release_title = $t_project_name . ' - ' . $t_version_name;
+		$t_release_title = string_display( $t_project_name ) . ' - ' . string_display( $t_version_name );
 		echo $t_release_title, '<br />';
 		echo str_pad( '', strlen( $t_release_title ), '=' ), '<br />';
 
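Review bot: `strlen( $t_release_title )` on the line after the change now measures the escaped string, so a project or version name containing `&`, `<`, `>` or quotes gets an `=` underline several characters longer than the text actually shown. Build the title from the raw names, measure that, and escape only when printing: `$t_release_title = $t_project_name . ' - ' . $t_version_name;` / `echo string_display( $t_release_title ), '<br />';` / `echo str_pad( '', strlen( $t_release_title ), '=' ), '<br />';`. strlen is byte-wise either way, so multi-byte names were already slightly over-underlined before this change.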
@@ -56,7 +56,7 @@
 
 	$t_version_rows = version_get_all_rows( $f_project_id );
 
-	echo '<br /><span class="pagetitle">', $t_project_name, ' - ', lang_get( 'changelog' ), '</span><br /><br />';
+	echo '<br /><span class="pagetitle">', string_display( $t_project_name ), ' - ', lang_get( 'changelog' ), '</span><br /><br />';
 	echo '<tt>';
 
 	$i = 0;
Index: manage_proj_create.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/manage_proj_create.php,v
retrieving revision 1.6
retrieving revision 1.6.4.1
diff -u -r1.6 -r1.6.4.1
--- manage_proj_create.php	1 Dec 2004 12:45:22 -0000	1.6
+++ manage_proj_create.php	1 Jan 2006 04:29:49 -0000	1.6.4.1
@@ -6,7 +6,7 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Id: manage_proj_create.php,v 1.6 2004/12/01 12:45:22 vboctor Exp $
+	# $Id: manage_proj_create.php,v 1.6.4.1 2006/01/01 04:29:49 thraxisp Exp $
 	# --------------------------------------------------------
 ?>
 <?php require_once( 'core.php' ) ?>
@@ -19,7 +19,7 @@
 	$f_status		= gpc_get_int( 'status' );
 	$f_file_path	= gpc_get_string( 'file_path', '' );
 
-	$t_project_id = project_create( $f_name, $f_description, $f_status, $f_view_state, $f_file_path );
+	$t_project_id = project_create( string_strip_tags( $f_name ), $f_description, $f_status, $f_view_state, $f_file_path );
 
 	if ( ( $f_view_state == VS_PRIVATE ) && ( false === current_user_is_administrator() ) ) {
 		$t_access_level = access_get_global_level();
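Review bot: Stripping tags from `$f_name` before project_create() alters what is stored and leaves `$f_description` and `$f_file_path`, passed on the same line, untouched, so it cannot be the control that makes project names safe to print; the sibling hunks in this patch add string_display() at the points where project names are output, and that output-side escaping is what should be relied on, with the input-side strip treated as defence in depth. query_store.php applies the same input-side strip to `query_name`. If the strip is kept, a one-line comment explaining why the stored value is modified (`# strip markup from the stored name; it is still escaped with string_display() when displayed`) would stop a later reader from assuming the stored name can be echoed raw.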
Index: manage_user_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/manage_user_page.php,v
retrieving revision 1.56.4.1
retrieving revision 1.56.4.2
diff -u -r1.56.4.1 -r1.56.4.2
--- manage_user_page.php	5 Dec 2005 10:49:06 -0000	1.56.4.1
+++ manage_user_page.php	5 Jan 2006 03:57:56 -0000	1.56.4.2
@@ -6,7 +6,7 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Id: manage_user_page.php,v 1.56.4.1 2005/12/05 10:49:06 vboctor Exp $
+	# $Id: manage_user_page.php,v 1.56.4.2 2006/01/05 03:57:56 thraxisp Exp $
 	# --------------------------------------------------------
 ?>
 <?php
@@ -25,12 +25,31 @@
 	$f_save = gpc_get_bool( 'save' );
 	$f_prefix = strtoupper( gpc_get_string( 'prefix', config_get( 'default_manage_user_prefix' ) ) );
 
+	$t_user_table = config_get( 'mantis_user_table' );
 	$t_cookie_name = config_get( 'manage_cookie' );
 	$t_lock_image = '<img src="' . config_get( 'icon_path' ) . 'protected.gif" width="8" height="15" border="0" alt="' . lang_get( 'protected' ) . '" />';
 
+	# Clean up the form variables
+	if ( ! in_array( $f_sort, db_field_names( $t_user_table ) ) ) {
+        $c_sort = 'username';
+    } else {	 
+        $c_sort = addslashes($f_sort);
+    }
+
+	if ($f_dir == 'ASC') {
+		$c_dir = 'ASC';
+	} else {
+		$c_dir = 'DESC';
+	}
+
+	if ($f_hide == 0) { # a 0 will turn it off
+		$c_hide = 0;
+	} else {            # anything else (including 'on') will turn it on
+		$c_hide = 1;
+	}
 	# set cookie values for hide, sort by, and dir
 	if ( $f_save ) {
-		$t_manage_string = $f_hide.':'.$f_sort.':'.$f_dir;
+		$t_manage_string = $c_hide.':'.$c_sort.':'.$c_dir;
 		gpc_set_cookie( $t_cookie_name, $t_manage_string, true );
 	} else if ( !is_blank( gpc_get_cookie( $t_cookie_name, '' ) ) ) {
 		$t_manage_arr = explode( ':', gpc_get_cookie( $t_cookie_name ) );
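Review bot: The cleanup block is now placed before the cookie branch that starts at the end of this hunk, and that branch's body continues outside the hunk; if it still assigns `$f_hide`, `$f_sort` and `$f_dir` from the cookie as the removed ordering in the next hunk implies, those values no longer pass through the new db_field_names() whitelist and `$c_sort`/`$c_dir`/`$c_hide` keep their form-derived values, so the cookie path is either left unvalidated or silently ignored depending on which variables the query below uses. Keeping the whitelist but running the cleanup after the cookie branch, as before, covers both sources. Separately, `$f_hide == 0` is a loose comparison: in PHP 4/5 a non-numeric string such as 'on' compares equal to 0, which contradicts the comment on that line if `$f_hide` arrives as a string (its gpc_get_* call is above the hunk) — a strict check against the values actually expected would remove the ambiguity. The lines `$c_sort = 'username';` through `}` are indented with spaces while the rest of the file uses tabs.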
@@ -49,20 +68,6 @@
 		}
 	}
 
-	# Clean up the form variables
-	$c_sort = addslashes($f_sort);
-
-	if ($f_dir == 'ASC') {
-		$c_dir = 'ASC';
-	} else {
-		$c_dir = 'DESC';
-	}
-
-	if ($f_hide == 0) { # a 0 will turn it off
-		$c_hide = 0;
-	} else {            # anything else (including 'on') will turn it on
-		$c_hide = 1;
-	}
 ?>
 <?php html_page_top1( lang_get( 'manage_users_link' ) ) ?>
 <?php html_page_top2() ?>
@@ -71,8 +76,6 @@
 
 <?php # New Accounts Form BEGIN ?>
 <?php
-	$t_user_table = config_get( 'mantis_user_table' );
-
 	$days_old = 7;
 	$query = "SELECT *
 		FROM $t_user_table
Index: print_all_bug_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/print_all_bug_page.php,v
retrieving revision 1.80
retrieving revision 1.80.10.1
diff -u -r1.80 -r1.80.10.1
--- print_all_bug_page.php	24 Jul 2004 14:31:43 -0000	1.80
+++ print_all_bug_page.php	1 Jan 2006 04:29:49 -0000	1.80.10.1
@@ -6,7 +6,7 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Id: print_all_bug_page.php,v 1.80 2004/07/24 14:31:43 vboctor Exp $
+	# $Id: print_all_bug_page.php,v 1.80.10.1 2006/01/01 04:29:49 thraxisp Exp $
 	# --------------------------------------------------------
 ?>
 <?php
@@ -75,7 +75,7 @@
 
 <table class="width100"><tr><td class="form-title">
 	<div class="center">
-		<?php echo config_get( 'window_title' ) . ' - ' . project_get_name( $t_project_id ); ?>
+		<?php echo config_get( 'window_title' ) . ' - ' . string_display( project_get_name( $t_project_id ) ); ?>
 	</div>
 </td></tr></table>
 
Index: print_bug_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/print_bug_page.php,v
retrieving revision 1.51
retrieving revision 1.51.10.1
diff -u -r1.51 -r1.51.10.1
--- print_bug_page.php	27 Aug 2004 00:29:54 -0000	1.51
+++ print_bug_page.php	1 Jan 2006 04:29:49 -0000	1.51.10.1
@@ -6,7 +6,7 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Id: print_bug_page.php,v 1.51 2004/08/27 00:29:54 thraxisp Exp $
+	# $Id: print_bug_page.php,v 1.51.10.1 2006/01/01 04:29:49 thraxisp Exp $
 	# --------------------------------------------------------
 ?>
 <?php
@@ -63,7 +63,7 @@
 <table class="width100" cellspacing="1">
 <tr>
 	<td class="form-title" colspan="6">
-		<div class="center"><?php echo config_get( 'window_title' ) . ' - ' . project_get_name( $v_project_id ) ?></div>
+		<div class="center"><?php echo config_get( 'window_title' ) . ' - ' . string_display( project_get_name( $v_project_id ) ) ?></div>
 	</td>
 </tr>
 <tr>
Index: query_store.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/query_store.php,v
retrieving revision 1.3
retrieving revision 1.3.12.1
diff -u -r1.3 -r1.3.12.1
--- query_store.php	7 Jul 2004 20:30:13 -0000	1.3
+++ query_store.php	8 Jan 2006 14:42:25 -0000	1.3.12.1
@@ -19,7 +19,7 @@
 	auth_ensure_user_authenticated();
 	compress_enable();
 
-	$f_query_name = gpc_get_string( 'query_name' );
+	$f_query_name = string_strip_tags( gpc_get_string( 'query_name' ) );
 	$f_is_public = gpc_get_bool( 'is_public' );
 	$f_all_projects = gpc_get_bool( 'all_projects' );
 	
Index: query_store_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/query_store_page.php,v
retrieving revision 1.5
retrieving revision 1.5.10.1
diff -u -r1.5 -r1.5.10.1
--- query_store_page.php	26 Jul 2004 12:06:23 -0000	1.5
+++ query_store_page.php	8 Jan 2006 14:42:25 -0000	1.5.10.1
@@ -38,7 +38,7 @@
 	} 
 	
 	# Check for an error
-	$t_error_msg = gpc_get_string( 'error_msg', null );
+	$t_error_msg = string_strip_tags( gpc_get_string( 'error_msg', null ) );
 	if ( $t_error_msg != null ) {
 		print "<br />$t_error_msg<br /><br />";
 	}
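Review bot: The stripped `$t_error_msg` is still printed raw two lines below the change, and string_strip_tags() as added in core/string_api.php in this patch decodes `&lt;`/`&gt;` and numeric entities after it has removed tags, so entity-encoded markup leaves the function as literal markup and is then echoed. Escaping at output is the reliable control here: `print '<br />' . string_display( $t_error_msg ) . '<br /><br />';`, keeping the strip at most as defence in depth. A comment on the assignment (`# error_msg is user-supplied; escape at output, tag stripping alone is not sufficient`) would record why both steps are present.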
Index: view_all_set.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/view_all_set.php,v
retrieving revision 1.38.6.1
retrieving revision 1.38.6.2
diff -u -r1.38.6.1 -r1.38.6.2
--- view_all_set.php	10 Dec 2005 03:31:48 -0000	1.38.6.1
+++ view_all_set.php	18 Dec 2005 02:58:59 -0000	1.38.6.2
@@ -6,7 +6,7 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Id: view_all_set.php,v 1.38.6.1 2005/12/10 03:31:48 thraxisp Exp $
+	# $Id: view_all_set.php,v 1.38.6.2 2005/12/18 02:58:59 thraxisp Exp $
 	# --------------------------------------------------------
 ?>
 <?php require_once( 'core.php' ) ?>
@@ -134,7 +134,7 @@
 
 	# these are only single values, even when doing advanced filtering
 	$f_per_page				= gpc_get_int( 'per_page', -1 );
-	$f_highlight_changed	= gpc_get_string( 'highlight_changed', config_get( 'default_show_changed' ) );
+	$f_highlight_changed	= gpc_get_int( 'highlight_changed', config_get( 'default_show_changed' ) );
 	# sort direction
 	$f_sort					= gpc_get_string( 'sort', 'last_updated' );
 	$f_dir					= gpc_get_string( 'dir', 'DESC' );
Index: view_filters_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/view_filters_page.php,v
retrieving revision 1.22.6.1
retrieving revision 1.22.6.3
diff -u -r1.22.6.1 -r1.22.6.3
--- view_filters_page.php	10 Dec 2005 03:31:48 -0000	1.22.6.1
+++ view_filters_page.php	8 Jan 2006 15:37:51 -0000	1.22.6.3
@@ -24,11 +24,14 @@
 	html_page_top2();
 
 	$t_project_id = helper_get_current_project();
+	$t_current_user_access_level = current_user_get_access_level();
 	$t_target_field = gpc_get_string( 'target_field', '' );
 	$t_fields = array( 'priority', 'id', 'sponsorship_total', 'category', 'severity', 'status', 'last_updated', 'summary' );
 	$t_accessible_custom_fields_ids = array();
 	$t_accessible_custom_fields_names = array();
 	$t_accessible_custom_fields_values = array();
+	$t_custom_cols = 1;
+	$t_custom_rows = 0;
 
 	if ( ON == config_get( 'filter_by_custom_fields' ) ) {
 		$t_custom_cols = config_get( 'filter_custom_fields_per_row' );
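Review bot: The added `$t_current_user_access_level = current_user_get_access_level();` duplicates the assignment that this patch leaves in place in the second hunk of this file (the line above `$t_filter_cols = 7;`), so the access level is now fetched twice into the same variable; drop the later line so there is a single assignment near the top where the other page-level values are set. Initialising `$t_custom_cols` and `$t_custom_rows` before the `filter_by_custom_fields` check is the right fix for their being undefined when that option is off, and a one-line comment saying so (`# defaults used when filter_by_custom_fields is OFF`) would keep a future cleanup from moving them back.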
@@ -104,8 +107,6 @@
 	
 	$t_current_user_access_level = current_user_get_access_level();
 	$t_filter_cols = 7;
-	$t_custom_cols = 1;
-	$t_custom_rows = 0;
 
 	$f_for_screen = gpc_get_bool( 'for_screen', true );
 
Index: core/database_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/database_api.php,v
retrieving revision 1.38
retrieving revision 1.38.4.1
diff -u -r1.38 -r1.38.4.1
--- core/database_api.php	9 Dec 2004 18:55:06 -0000	1.38
+++ core/database_api.php	5 Jan 2006 03:57:56 -0000	1.38.4.1
@@ -6,7 +6,7 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Id: database_api.php,v 1.38 2004/12/09 18:55:06 thraxisp Exp $
+	# $Id: database_api.php,v 1.38.4.1 2006/01/05 03:57:56 thraxisp Exp $
 	# --------------------------------------------------------
 
 	### Database ###
@@ -175,6 +175,12 @@
 	}
 
 	# --------------------
+	function db_field_names( $p_table_name ) {
+		global $g_db;
+		return $g_db->MetaColumnNames( $p_table_name );
+	}
+
+	# --------------------
 	# Check if there is an index defined on the specified table/field and with
 	# the specified type.
 	#
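Review bot: `db_field_names()` has no description under its `# --------------------` separator, unlike the neighbouring functions, and it returns whatever MetaColumnNames() gives back; as I recall ADODB returns false rather than an array when the table's columns cannot be read, which would make the `in_array()` whitelist check added in manage_user_page.php emit a warning (it still falls back to 'username'). Document and normalise the return: `# Return the column names of the given table (empty array when none can be read)` above the function, and `$t_names = $g_db->MetaColumnNames( $p_table_name );` / `return is_array( $t_names ) ? $t_names : array();` as the body, so callers can treat the result as a list.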
@@ -236,6 +242,7 @@
 	# --------------------
 	# prepare a string before DB insertion
 	# @@@ should default be return addslashes( $p_string ); or generate an error
+	# @@@ Consider using ADODB escaping for all databases.
 	function db_prepare_string( $p_string ) {
 		global $g_db;
 		$t_db_type = config_get( 'db_type' );
@@ -246,11 +253,15 @@
 				return addslashes( $p_string );
 
 			case 'mysql':
-				return mysql_escape_string( $p_string );
+				# mysql_escape_string was deprecated in v4.3.0 
+				if ( php_version_at_least( '4.3.0' ) ) {
+					return mysql_real_escape_string( $p_string );
+				} else {
+					return mysql_escape_string( $p_string );
+				}
 
 			# For some reason mysqli_escape_string( $p_string ) always returns an empty
 			# string.  This is happening with PHP v5.0.2.
-			# @@@ Consider using ADODB escaping for all databases.
 			case 'mysqli':
 				$t_escaped = $g_db->qstr( $p_string, false );
 				return substr( $t_escaped, 1, strlen( $t_escaped ) - 2 );
Index: core/string_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/string_api.php,v
retrieving revision 1.62.4.1
retrieving revision 1.62.4.2
diff -u -r1.62.4.1 -r1.62.4.2
--- core/string_api.php	5 Dec 2005 12:12:05 -0000	1.62.4.1
+++ core/string_api.php	1 Jan 2006 04:29:49 -0000	1.62.4.2
@@ -6,7 +6,7 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Id: string_api.php,v 1.62.4.1 2005/12/05 12:12:05 vboctor Exp $
+	# $Id: string_api.php,v 1.62.4.2 2006/01/01 04:29:49 thraxisp Exp $
 	# --------------------------------------------------------
 
 	$t_core_dir = dirname( __FILE__ ).DIRECTORY_SEPARATOR;
@@ -345,6 +345,45 @@
 	}
 
 	# --------------------
+	# strip all tags from a string
+	# This will remove HTML tags, javascript sections
+	# and white space. It will also convert some
+	# common HTML entities to their text equivalent.
+	function string_strip_tags( $p_string ) {
+		$t_search = array( 
+				'@<script[^>]*?>.*?</script>@si',	/* Strip out javascript */
+				'@<[\/\!]*?[^<>]*?>@si',			/* Strip out HTML tags */
+				'@([\r\n])[\s]+@',					/* Strip out white space */
+				'@&(quot|#34);@i',					/* Replace HTML entities */
+				'@&(amp|#38);@i',
+				'@&(lt|#60);@i',
+				'@&(gt|#62);@i',
+				'@&(nbsp|#160);@i',
+				'@&(iexcl|#161);@i',
+				'@&(cent|#162);@i',
+				'@&(pound|#163);@i',
+				'@&(copy|#169);@i',
+				'@&#(\d+);@e' );					/* evaluate as php */
+
+		$t_replace = array( 
+				'',
+				'',
+				'\1',
+				'"',
+				'&',
+				'<',
+				'>',
+				' ',
+				chr(161),
+				chr(162),
+				chr(163),
+				chr(169),
+				'chr(\1)' );
+
+		return preg_replace($t_search, $t_replace, $p_string);
+	}
+	
+	# --------------------
 	# This function looks for text with htmlentities
 	# like <b> and converts is into corresponding
 	# html <b> based on the configuration presets
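Review bot: The last `$t_search` entry uses the `e` modifier, so the replacement `'chr(\1)'` is evaluated as PHP code for every numeric entity; the capture is digits only, so the evaluated text is bounded here, but the modifier is deprecated and later removed, and preg_replace_callback() produces the same result without evaluating anything. Also, entity decoding runs after the two tag-stripping patterns, so entity-encoded markup is decoded into literal markup by this function rather than removed; the header comment should state that the result is a plain-text approximation and is not safe to echo into HTML without string_display(), since query_store_page.php in this patch prints its output raw. The tail of the function rewritten to use a callback is below; the first twelve search/replace pairs are unchanged.
```php
	function string_strip_tags( $p_string ) {
		# … unchanged: $t_search / $t_replace arrays, minus the '@&#(\d+);@e' / 'chr(\1)' pair …
		$t_result = preg_replace( $t_search, $t_replace, $p_string );

		# Decode the remaining numeric entities through a callback instead of the
		# 'e' modifier, so no replacement text is ever evaluated as PHP.
		return preg_replace_callback( '@&#(\d+);@', 'string_strip_tags_numeric_entity', $t_result );
	}

	# Callback for string_strip_tags(): convert a matched numeric entity to its character.
	function string_strip_tags_numeric_entity( $p_match ) {
		return chr( (int) $p_match[1] );
	}
```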


Index: mantis.spec
===================================================================
RCS file: /cvs/extras/rpms/mantis/FC-4/mantis.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- mantis.spec	23 Dec 2005 15:46:58 -0000	1.8
+++ mantis.spec	20 Oct 2006 23:56:20 -0000	1.9
@@ -9,7 +9,7 @@
 Summary:	Web-based bugtracking system
 Name:		mantis
 Version:	0.19.4
-Release:	%release_func 1
+Release:	%release_func 2
 License:	GPL
 Group:		Applications/Internet
 URL:		http://mantisbt.sourceforge.net/
@@ -18,6 +18,8 @@
 Patch0:		mantis-0.19.2-iis.patch
 Patch1:		mantis-0.19.2-noexamplecom.patch
 Patch2:		mantis-0.19.2-noadmin.patch
+# unreleased patches from CVS. Could be removed after an eventual 0.19.5 release
+Patch3:		mantis-0.19.5-unreleased.patch
 BuildRoot:	%_tmppath/%name-%version-%release-buildroot
 BuildRequires:	diffutils
 Requires:	php
@@ -58,6 +60,7 @@
 %patch0 -p1 -b .iis
 %patch1 -p1 -b .noexamplecom
 %patch2 -p1 -b .noadmin
+%patch3 -p0 -b .unreleased
 
 chmod -x *.php sql/*
 rm -rf packages
@@ -154,6 +157,9 @@
 
 
 %changelog
+* Sat Oct 21 2006 Gianluca Sforna <giallu gmail com> 0.19.4-2
+- add unreleased security patches from CVS
+
 * Fri Dec 23 2005 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.19.4-1
 - SECURITY: release 0.19.4
   * File Upload Vulnerability (TKADV2005-11-002) (thraxisp)



