rpms/ocsinventory/EL-4 ocsinventory.patch, NONE, 1.1 ocsinventory.spec, 1.5, 1.6

Remi Collet remi at fedoraproject.org
Mon Aug 17 15:08:03 UTC 2009


Author: remi

Update of /cvs/extras/rpms/ocsinventory/EL-4
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv843

Modified Files:
	ocsinventory.spec 
Added Files:
	ocsinventory.patch 
Log Message:
security fix

ocsinventory.patch:
 machine.php |   89 +++++++++++++++++++++++++++++++-----------------------------
 1 file changed, 47 insertions(+), 42 deletions(-)

--- NEW FILE ocsinventory.patch ---
--- branches/server/1.02/ocsreports/machine.php	2009/06/29 11:51:53	1762
+++ branches/server/1.02/ocsreports/machine.php	2009/08/12 10:24:11	1829
@@ -25,7 +25,7 @@
 
 if (isset($_GET['systemid'])) {
 	$systemid = $_GET['systemid'];
-	if ($systemid == "")
+	if ($systemid == "" or !is_numeric($systemid))
 	{
 		echo "Please Supply A System ID";
 		die();
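Review bot: The added `is_numeric($systemid)` guard is looser than the integer id the code needs: it accepts leading whitespace, signs, decimals and exponents such as `1e3`, and on the PHP 4/5 builds this EL-4 package targets also hex strings like `0x1A`, while `$systemid` is still pasted verbatim into `SELECT * FROM hardware WHERE (ID=$systemid)` further down the file. None of those forms can break out of the query, so the injection is closed, but they are not a plain id and the later `urlencode($systemid)` links and the `<?php echo $systemid ?>` in the inline script inherit the unnormalised value. Normalise after the check with `$systemid = (int) $systemid;` (or reject with `ctype_digit`), so every downstream use sees an integer. The `if (isset($_GET['systemid']))` branch that this hunk validates continues in the next hunk.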
@@ -33,7 +33,12 @@
 }
 elseif (isset($_POST['systemid'])) {
 	$systemid = $_POST['systemid'];
+	if ($systemid == "" or !is_numeric($systemid)){
+		echo "Please Supply A System ID";
+		die();
+	}
 }
+
 //for update blacklist serial or mac
 update_blacklist();
 
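Review bot: The new POST guard is a verbatim copy of the GET guard from the previous hunk, and neither branch covers the case where neither parameter is set, so `$systemid` is left unassigned and the later `WHERE (ID=$systemid)` query runs with an empty id rather than failing fast. Because both branches end in `die()`, the value can be read once (GET first, then POST), validated once, and cast to an integer in a single place, which also removes the need to keep two error paths in sync. The `if`/`elseif` this hunk closes starts in the previous hunk; the rewrite below replaces both.

```php
// take the id from GET, then POST; validate once, and force it to an
// integer so that only a plain id ever reaches the SQL below
if (isset($_GET['systemid']))
	$systemid = $_GET['systemid'];
elseif (isset($_POST['systemid']))
	$systemid = $_POST['systemid'];
else
	$systemid = "";
if ($systemid == "" or !is_numeric($systemid)) {
	echo "Please Supply A System ID";
	die();
}
$systemid = (int) $systemid;
// … unchanged: update_blacklist(); …
```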
@@ -51,27 +56,27 @@
 }
 else 
 	$_SESSION["justAdded"] = false;
-	//TODO: voir si on loggue les evenements de groupe
-if( isset( $_GET["actgrp"] )) {	
-		//v�rification si la valeur correspond � un groupe
-		$reqGroups = "SELECT h.id id
-					  FROM hardware h 
-					  WHERE h.deviceid='_SYSTEMGROUP_' ";
-		//pour les autres qu'SADMIN, ajout que pour les groupes d�clar�s visibles
-		if ($_SESSION["lvluser"]!=SADMIN)
-			$reqGroups .= " and h.workgroup = 'GROUP_4_ALL'";
-		$resGroups = mysql_query( $reqGroups, $_SESSION["readServer"] );
-		$valGroups = mysql_fetch_array( $resGroups ); 
-		if (isset($valGroups['id'])){
-			$reqDelete = "DELETE FROM groups_cache WHERE hardware_id=".$systemid." AND group_id=".$_GET["grp"];
-			
-			if( $_GET["actgrp"] == 0 ) 
-				$reqDelete .= " AND static<>0";
-			$reqInsert = "INSERT INTO groups_cache(hardware_id, group_id, static) VALUES (".$systemid.", ".$_GET["grp"].", ".$_GET["actgrp"].")";
-			@mysql_query( $reqDelete, $_SESSION["writeServer"] );
-			if( $_GET["actgrp"] != 0 )
-				@mysql_query( $reqInsert, $_SESSION["writeServer"] );
-		}
+	//TODO: voir si on loggue les evenements de groupe
+if( isset( $_GET["actgrp"] )) {	
+		//v�rification si la valeur correspond � un groupe
+		$reqGroups = "SELECT h.id id
+					  FROM hardware h 
+					  WHERE h.deviceid='_SYSTEMGROUP_' ";
+		//pour les autres qu'SADMIN, ajout que pour les groupes d�clar�s visibles
+		if ($_SESSION["lvluser"]!=SADMIN)
+			$reqGroups .= " and h.workgroup = 'GROUP_4_ALL'";
+		$resGroups = mysql_query( $reqGroups, $_SESSION["readServer"] );
+		$valGroups = mysql_fetch_array( $resGroups ); 
+		if (isset($valGroups['id'])){
+			$reqDelete = "DELETE FROM groups_cache WHERE hardware_id=".$systemid." AND group_id=".$_GET["grp"];
+			
+			if( $_GET["actgrp"] == 0 ) 
+				$reqDelete .= " AND static<>0";
+			$reqInsert = "INSERT INTO groups_cache(hardware_id, group_id, static) VALUES (".$systemid.", ".$_GET["grp"].", ".$_GET["actgrp"].")";
+			@mysql_query( $reqDelete, $_SESSION["writeServer"] );
+			if( $_GET["actgrp"] != 0 )
+				@mysql_query( $reqInsert, $_SESSION["writeServer"] );
+		}
 }
 
 $queryMachine    = "SELECT * FROM hardware WHERE (ID=$systemid)";
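Review bot: `$_GET["grp"]` and `$_GET["actgrp"]` are still concatenated raw into the `DELETE FROM groups_cache` and `INSERT INTO groups_cache` statements on the new side of this hunk, so the SQL injection this "security fix" closes for `systemid` remains open for `grp`/`actgrp`; this hunk only re-emits the block unchanged (the lines differ in whitespace or encoding, not content), so the commit does not address it. Separately, the "vérification" query never mentions `$_GET["grp"]`: it only asks whether any `_SYSTEMGROUP_` row (any `GROUP_4_ALL` row for non-SADMIN) exists, so `isset($valGroups['id'])` does not verify that the supplied group is real or visible to the caller, and the non-SADMIN restriction is ineffective. Both are fixed by validating the two parameters as integers and binding the requested id into the lookup query, as below; the `$_GET["actgrp"] != 0` test before the insert should likewise use the cast `$actgrp`.

```php
if( isset( $_GET["actgrp"] ) && isset( $_GET["grp"] ) ) {
		// group id and action flag are integers; reject anything else before it reaches SQL
		if( !ctype_digit((string)$_GET["grp"]) || !ctype_digit((string)$_GET["actgrp"]) )
			die("Invalid group");
		$grp    = (int)$_GET["grp"];
		$actgrp = (int)$_GET["actgrp"];
		// check that the *requested* id is a group (and, for non-SADMIN, a visible one)
		$reqGroups = "SELECT h.id id FROM hardware h WHERE h.deviceid='_SYSTEMGROUP_' AND h.id=".$grp;
		if ($_SESSION["lvluser"]!=SADMIN)
			$reqGroups .= " and h.workgroup = 'GROUP_4_ALL'";
		// … unchanged: mysql_query / mysql_fetch_array …
		if (isset($valGroups['id'])){
			$reqDelete = "DELETE FROM groups_cache WHERE hardware_id=".$systemid." AND group_id=".$grp;
			if( $actgrp == 0 )
				$reqDelete .= " AND static<>0";
			$reqInsert = "INSERT INTO groups_cache(hardware_id, group_id, static) VALUES (".$systemid.", ".$grp.", ".$actgrp.")";
			// … unchanged: execution of $reqDelete / $reqInsert …
		}
}
```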
@@ -413,8 +418,8 @@
 	//PROLOG_FREQ
 	optperso("PROLOG_FREQ",$l->g(724)." <font color=green size=1><i>PROLOG_FREQ</i></font>",$optPerso,0,$optdefault["PROLOG_FREQ"],$l->g(730));
 	//GROUPS
-	$sql_groups="SELECT static, name, group_id,workgroup  FROM groups_cache g, hardware h WHERE g.hardware_id=$systemid AND h.id=g.group_id";
-	$resGroups = @mysql_query($sql_groups, $_SESSION["readServer"]) or die(mysql_error($_SESSION["readServer"])); 
+	$sql_groups="SELECT static, name, group_id,workgroup  FROM groups_cache g, hardware h WHERE g.hardware_id=$systemid AND h.id=g.group_id";
+	$resGroups = @mysql_query($sql_groups, $_SESSION["readServer"]) or die(mysql_error($_SESSION["readServer"])); 
 	
 	if( mysql_num_rows( $resGroups )>0 ) {
 		while( $valGroups = mysql_fetch_array( $resGroups ) ) {
@@ -422,7 +427,7 @@
 			echo "<tr>";
 			echo "<td bgcolor='white' align='center' valign='center'> </td>";
 			echo $td3.$l->g(607)." ";		
-			if( $_SESSION["lvluser"] == SADMIN || $_SESSION["lvluser"] == LADMIN || $valGroups["workgroup"]=="GROUP_4_ALL")
+			if( $_SESSION["lvluser"] == SADMIN || $_SESSION["lvluser"] == LADMIN || $valGroups["workgroup"]=="GROUP_4_ALL")
 				echo "<a href='index.php?multi=29&popup=1&systemid=".$valGroups["group_id"]."' target='_blank'>".$valGroups["name"]."</td>";
 			else
 				echo "<b>".$valGroups["name"]."</b></td>";			
@@ -434,11 +439,11 @@
 				case 2: echo "<font color='red'>".$l->g(597)."</font></td>"; break;
 			}
 			
-			if( $_SESSION["lvluser"]==SADMIN || $valGroups["workgroup"]=="GROUP_4_ALL") {
+			if( $_SESSION["lvluser"]==SADMIN || $valGroups["workgroup"]=="GROUP_4_ALL") {
 				$hrefBase = "machine.php?systemid=".urlencode($systemid)."&option=".urlencode($l->g(500))."&grp=".$valGroups["group_id"];
 				switch( $valGroups["static"] ) {
 					case 0: echo $td3."<a href='$hrefBase&actgrp=1'>".$l->g(598)."</a>     <a href='$hrefBase&actgrp=2'>".$l->g(600)."</a></td>"; break;
-					case 1: echo $td3."<a href='$hrefBase&actgrp=0'>".$l->g(818)."</a></td>"; break;
+					case 1: echo $td3."<a href='$hrefBase&actgrp=0'>".$l->g(818)."</a></td>"; break;
 					case 2: echo $td3."<a href='$hrefBase&actgrp=1'>".$l->g(598)."</a>     <a href='$hrefBase&actgrp=0'>".$l->g(599)."</a></td>"; break;
 				}
 			}			
@@ -467,20 +472,20 @@
 			echo "</tr>";
 		}
 	}
-	
+	
 		$hrefBase = "machine.php?systemid=".urlencode($systemid)."&option=".urlencode($l->g(500));
 		
 		echo "<tr><td colspan='10' align='right'>";
-		if( $_SESSION["lvluser"]==SADMIN ) 
-			echo "<a href='index.php?multi=24&systemid=$systemid&isgroup=0'>".$l->g(501)."</a>".$l->g(386);
-		echo " <a href=# OnClick=window.location='$hrefBase&actgrp=1&grp='+document.getElementById(\"groupcombo\").options[document.getElementById(\"groupcombo\").selectedIndex].value>".
+		if( $_SESSION["lvluser"]==SADMIN ) 
+			echo "<a href='index.php?multi=24&systemid=$systemid&isgroup=0'>".$l->g(501)."</a>".$l->g(386);
+		echo " <a href=# OnClick=window.location='$hrefBase&actgrp=1&grp='+document.getElementById(\"groupcombo\").options[document.getElementById(\"groupcombo\").selectedIndex].value>".
 		$l->g(589)."</a>";
-	
-		$reqGroups = "SELECT h.name,h.id,h.workgroup 
-					  FROM hardware h 
-					  WHERE h.deviceid='_SYSTEMGROUP_'";
-		if( $_SESSION["lvluser"]!=SADMIN )
-			$reqGroups .= " and workgroup = 'GROUP_4_ALL'";
+	
+		$reqGroups = "SELECT h.name,h.id,h.workgroup 
+					  FROM hardware h 
+					  WHERE h.deviceid='_SYSTEMGROUP_'";
+		if( $_SESSION["lvluser"]!=SADMIN )
+			$reqGroups .= " and workgroup = 'GROUP_4_ALL'";
 		$resGroups = mysql_query( $reqGroups, $_SESSION["readServer"] );
 		$first = true;
 		while( $valGroups = mysql_fetch_array( $resGroups ) ) {
@@ -495,7 +500,7 @@
 			echo "</select>";
 			
 		echo "</td></tr>";		
-	//}
+	//}
 	echo "</table><br>";
 	
 	if ($_POST['modification_param'])
@@ -784,7 +789,7 @@
 		$td3".textDecode($item->TYPE)."       </td>
 		$td3".textDecode($item->SPEED)."      </td>
 		$td3".textDecode($item->MACADDR).($const?"<br>($const)":"");
-		blacklist("select ID from blacklist_macaddresses where macaddress='".textDecode($item->MACADDR)."'",textDecode($item->MACADDR),$l->g(704)." ".$l->g(708),$l->g(705)." ".$l->g(708),"Réseau(x)");
+		blacklist("select ID from blacklist_macaddresses where macaddress='".textDecode($item->MACADDR)."'",textDecode($item->MACADDR),$l->g(704)." ".$l->g(708),$l->g(705)." ".$l->g(708),"Reseau(x)");
 		echo "</td>";
 		echo "$td3".textDecode($item->STATUS)."     </td>
 		$td3".textDecode($item->IPADDRESS)."  </td>
@@ -1185,7 +1190,7 @@
 	<script language=javascript>
 		function confirme(did,champ,lbl){
 			if(confirm(lbl+" ?"))
-				window.location="machine.php?systemid=<? echo $systemid ?>&option=<? echo $direct ?>&"+champ+"="+did;
+				window.location="machine.php?systemid=<?php echo $systemid ?>&option=<?php echo $direct ?>&"+champ+"="+did;
 		}
 	</script>
 	<?php
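Review bot: Switching to `<?php` fixes the short-tag dependency, but the values echoed into the JavaScript string on that line are still unencoded: `$direct` lands inside a double-quoted JS literal that becomes a URL, and where it comes from is not visible in this hunk. If it reflects request input (the file compares `$_GET['option']` elsewhere) this is reflected XSS reachable by anyone who can make an admin open a link. Encode both for the URL context, which is also safe inside the JS literal: `window.location="machine.php?systemid=<?php echo (int)$systemid ?>&option=<?php echo urlencode($direct) ?>&"+champ+"="+did;`. The `confirme()` function is contained in the hunk, but the surrounding script/HTML block starts before it.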
@@ -1211,7 +1216,7 @@
 		@mysql_query("INSERT INTO blacklist_serials (SERIAL) value ('".$_GET['black']."')", $_SESSION["writeServer"]);
 
 	//blacklist mac
-	if (isset($_GET['black']) &  $_SESSION["lvluser"]==SADMIN & $_GET['option'] == "Réseau(x)")
+	if (isset($_GET['black']) &  $_SESSION["lvluser"]==SADMIN & $_GET['option'] == "Reseau(x)")
 		@mysql_query("INSERT INTO blacklist_macaddresses (MACADDRESS) value ('".$_GET['black']."')", $_SESSION["writeServer"]);
 		
 	// unblacklist serial
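Review bot: The MAC blacklist insert on the new side still builds `INSERT INTO blacklist_macaddresses (MACADDRESS) value ('".$_GET['black']."')` from raw request input, so the string-literal fix for `Reseau(x)` re-enables a path that is SQL-injectable; the serial insert on the context line above has the same shape. The gate is `$_SESSION["lvluser"]==SADMIN`, which limits it to super-admin sessions but does not make the query safe. Escape the value for the connection it is sent on, `mysql_real_escape_string($_GET['black'], $_SESSION["writeServer"])`, and use `&&` rather than the bitwise `&`, which only works here because every operand happens to be a boolean and does not short-circuit. The enclosing function body continues beyond this hunk.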
@@ -1219,7 +1224,7 @@
 		@mysql_query("DELETE FROM blacklist_serials WHERE id=".$_GET['noblack'], $_SESSION["writeServer"]);
 		
 	// unblacklist mac 
-	if (isset($_GET['noblack']) &  $_SESSION["lvluser"]==SADMIN & $_GET['option'] == "Réseau(x)")	
+	if (isset($_GET['noblack']) &  $_SESSION["lvluser"]==SADMIN & $_GET['option'] == "Reseau(x)")	
 		@mysql_query("DELETE FROM blacklist_macaddresses WHERE id=".$_GET['noblack'], $_SESSION["writeServer"]);
 	
 }
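Review bot: `DELETE FROM blacklist_macaddresses WHERE id=".$_GET['noblack']` on the new side appends the request value with no quoting and no type check, so a crafted `noblack` can extend the `WHERE` clause (the serial delete on the context line above is identical); this hunk only corrects the option string. Since `id` is a numeric key, the one-line fix is to coerce it: `@mysql_query("DELETE FROM blacklist_macaddresses WHERE id=".(int)$_GET['noblack'], $_SESSION["writeServer"]);`. As in the blacklist branch, `&` should be `&&`. The opening of the enclosing function lies before this hunk.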


Index: ocsinventory.spec
===================================================================
RCS file: /cvs/extras/rpms/ocsinventory/EL-4/ocsinventory.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -p -r1.5 -r1.6
--- ocsinventory.spec	30 May 2009 18:56:24 -0000	1.5
+++ ocsinventory.spec	17 Aug 2009 15:08:03 -0000	1.6
@@ -10,7 +10,7 @@ Name:        ocsinventory
 Summary:     Open Computer and Software Inventory Next Generation
 
 Version:     1.02.1
-Release:     1%{?dist}
+Release:     3%{?dist}
 
 Group:       Applications/Internet
 License:     GPLv2
@@ -19,6 +19,8 @@ URL:         http://www.ocsinventory-ng.
 Source0:     http://downloads.sourceforge.net/%{name}/%{tarname}.tar.gz
 Source1:     ocsinventory-reports.conf
 
+# http://ocsinventory.svn.sourceforge.net/viewvc/ocsinventory/branches/server/1.02/ocsreports/machine.php?r1=1762&r2=1829&view=patch
+Patch0:      ocsinventory.patch
 
 BuildArch:   noarch
 BuildRoot:   %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -126,6 +128,7 @@ navigateur favori.
 %prep
 %setup -q -n %{tarname}
 
+%patch0 -p3
 
 %build
 cd Apache
@@ -259,7 +262,7 @@ fi
 
 %files reports
 %defattr(-, root, root, -)
-%doc LICENSE.txt README
+%doc LICENSE.txt README ChangeLog
 %dir %{_sysconfdir}/ocsinventory
 %dir %{_sysconfdir}/ocsinventory/ocsinventory-reports
 %attr(640,apache,root) %config(noreplace) %{_sysconfdir}/ocsinventory/ocsinventory-reports/dbconfig.inc.php
@@ -271,6 +274,10 @@ fi
 
 
 %changelog
+* Mon Aug 17 2009 Remi Collet <Fedora at famillecollet.com> 1.02.1-3
+- add ChangeLog
+- Security Fixes (internal version 5003) Bug #517837
+
 * Sat May 30 2009 Remi Collet <Fedora at famillecollet.com> 1.02.1-1
 - update to OCS Inventory NG 1.02.1 - Security Fixes (internal version 5003)
 



