rpms/wordpress-mu/F-10 cve-2009-1030.patch, NONE, 1.1 wordpress-mu.spec, 1.3, 1.4
Bret Richard McMillan
bretm at fedoraproject.org
Wed Apr 8 16:05:05 UTC 2009
Author: bretm
Update of /cvs/pkgs/rpms/wordpress-mu/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9646
Modified Files:
wordpress-mu.spec
Added Files:
cve-2009-1030.patch
Log Message:
backport for cve-2009-1030
cve-2009-1030.patch:
--- NEW FILE cve-2009-1030.patch ---
--- wp-includes/wpmu-functions.php 2009-04-07 13:37:57.000000000 -0400
+++ wp-includes/wpmu-functions.php 2009-04-07 13:42:12.000000000 -0400
@@ -1836,17 +1867,29 @@
<td>
<?php
$all_blogs = get_blogs_of_user( $current_user->ID );
+ $primary_blog = get_usermeta($current_user->ID, 'primary_blog');
if( count( $all_blogs ) > 1 ) {
- $primary_blog = get_usermeta($current_user->ID, 'primary_blog');
+ $found = false;
?>
<select name="primary_blog">
- <?php foreach( (array) $all_blogs as $blog ) { ?>
- <option value='<?php echo $blog->userblog_id ?>'<?php if( $primary_blog == $blog->userblog_id ) echo ' selected="selected"' ?>>http://<?php echo $blog->domain.$blog->path ?></option>
- <?php } ?>
+ <?php foreach( (array) $all_blogs as $blog ) {
+ if( $primary_blog == $blog->userblog_id )
+ $found = true;
+ ?><option value='<?php echo $blog->userblog_id ?>'<?php if( $primary_blog == $blog->userblog_id ) echo ' selected="selected"' ?>>http://<?php echo $blog->domain.$blog->path ?></option><?php
+ } ?>
</select>
<?php
+ if( !$found ) {
+ $blog = array_shift( $all_blogs );
+ update_usermeta( $current_user->ID, 'primary_blog', $blog->userblog_id );
+ }
+ } elseif( count( $all_blogs ) == 1 ) {
+ $blog = array_shift( $all_blogs );
+ echo $blog->domain;
+ if( $primary_blog != $blog->userblog_id ) // Set the primary blog again if it's out of sync with blog list.
+ update_usermeta( $current_user->ID, 'primary_blog', $blog->userblog_id );
} else {
- echo $_SERVER['HTTP_HOST'];
+ echo "N/A";
}
?>
</td>
Index: wordpress-mu.spec
===================================================================
RCS file: /cvs/pkgs/rpms/wordpress-mu/F-10/wordpress-mu.spec,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- wordpress-mu.spec 8 Dec 2008 21:33:25 -0000 1.3
+++ wordpress-mu.spec 8 Apr 2009 16:04:35 -0000 1.4
@@ -2,12 +2,13 @@
URL: http://mu.wordpress.org/latest.tar.gz
Name: wordpress-mu
Version: 2.6.5
-Release: 1%{?dist}
+Release: 2%{?dist}
Group: Applications/Publishing
License: GPLv2
Source0: %{name}-%{version}.tar.gz
Source1: wordpress-mu-httpd-conf
Source2: README.fedora.wordpress-mu
+Patch0: cve-2009-1030.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: php >= 4.1.0, httpd, php-mysql
BuildArch: noarch
@@ -18,6 +19,7 @@
%prep
%setup -q
+%patch0 -b .patch0
# disable-wordpress-core-update, updates are always installed via rpm
#
@@ -26,6 +28,7 @@
echo "<?php // update script removed, updates via RPMs for Fedora ?>" > wp-includes/update.php
+
%build
@@ -99,6 +102,9 @@
%dir %{_sysconfdir}/wordpress-mu
%changelog
+* Tue Apr 7 2009 Bret McMillan <bretm at redhat.com> - 2.6.5-2
+- Patch for CVE-2009-1030
+
* Mon Dec 1 2008 Bret McMillan <bretm at redhat.com> - 2.6.5-1
- Update to 2.6.5
- http://wordpress.org/development/2008/11/wordpress-265/
More information about the fedora-extras-commits
mailing list