rpms/wordpress-mu/F-10 cve-2009-1030.patch, NONE, 1.1 wordpress-mu.spec, 1.3, 1.4

Wed Apr 8 16:05:05 UTC 2009

Author: bretm

Update of /cvs/pkgs/rpms/wordpress-mu/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9646

Modified Files:
	wordpress-mu.spec 
Added Files:
	cve-2009-1030.patch 
Log Message:
backport for cve-2009-1030

cve-2009-1030.patch:

--- NEW FILE cve-2009-1030.patch ---
--- wp-includes/wpmu-functions.php	2009-04-07 13:37:57.000000000 -0400
+++ wp-includes/wpmu-functions.php	2009-04-07 13:42:12.000000000 -0400
@@ -1836,17 +1867,29 @@
 		<td>
 		<?php
 		$all_blogs = get_blogs_of_user( $current_user->ID );
+		$primary_blog = get_usermeta($current_user->ID, 'primary_blog');
 		if( count( $all_blogs ) > 1 ) {
-			$primary_blog = get_usermeta($current_user->ID, 'primary_blog');
+			$found = false;
 			?>
 			<select name="primary_blog">
-				<?php foreach( (array) $all_blogs as $blog ) { ?>
-					<option value='<?php echo $blog->userblog_id ?>'<?php if( $primary_blog == $blog->userblog_id ) echo ' selected="selected"' ?>>http://<?php echo $blog->domain.$blog->path ?></option>
-				<?php } ?>
+				<?php foreach( (array) $all_blogs as $blog ) { 
+					if( $primary_blog == $blog->userblog_id )
+						$found = true;
+					?><option value='<?php echo $blog->userblog_id ?>'<?php if( $primary_blog == $blog->userblog_id ) echo ' selected="selected"' ?>>http://<?php echo $blog->domain.$blog->path ?></option><?php 
+				} ?>
 			</select>
 			<?php
+			if( !$found ) {
+				$blog = array_shift( $all_blogs );
+				update_usermeta( $current_user->ID, 'primary_blog', $blog->userblog_id );
+			}
+		} elseif( count( $all_blogs ) == 1 ) {
+			$blog = array_shift( $all_blogs );
+			echo $blog->domain;
+			if( $primary_blog != $blog->userblog_id ) // Set the primary blog again if it's out of sync with blog list.
+				update_usermeta( $current_user->ID, 'primary_blog', $blog->userblog_id );
 		} else {
-			echo $_SERVER['HTTP_HOST'];
+			echo "N/A";
 		}
 		?>
 		</td>


Index: wordpress-mu.spec
===================================================================
RCS file: /cvs/pkgs/rpms/wordpress-mu/F-10/wordpress-mu.spec,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- wordpress-mu.spec	8 Dec 2008 21:33:25 -0000	1.3
+++ wordpress-mu.spec	8 Apr 2009 16:04:35 -0000	1.4
@@ -2,12 +2,13 @@
 URL: http://mu.wordpress.org/latest.tar.gz
 Name: wordpress-mu
 Version: 2.6.5
-Release: 1%{?dist}
+Release: 2%{?dist}
 Group: Applications/Publishing
 License: GPLv2
 Source0: %{name}-%{version}.tar.gz
 Source1: wordpress-mu-httpd-conf
 Source2: README.fedora.wordpress-mu
+Patch0: cve-2009-1030.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: php >= 4.1.0, httpd, php-mysql
 BuildArch: noarch
@@ -18,6 +19,7 @@
 
 %prep
 %setup -q
+%patch0 -b .patch0
 
 # disable-wordpress-core-update, updates are always installed via rpm
 #
@@ -26,6 +28,7 @@
 
 echo "<?php // update script removed, updates via RPMs for Fedora ?>" > wp-includes/update.php
 
+
 %build
 
 
@@ -99,6 +102,9 @@
 %dir %{_sysconfdir}/wordpress-mu
 
 %changelog
+* Tue Apr  7 2009 Bret McMillan <bretm at redhat.com> - 2.6.5-2
+- Patch for CVE-2009-1030
+
 * Mon Dec  1 2008 Bret McMillan <bretm at redhat.com> - 2.6.5-1
 - Update to 2.6.5
 - http://wordpress.org/development/2008/11/wordpress-265/


