rpms/wordpress-mu/F-11 cve-2009-2334.patch, NONE, 1.1 wordpress-mu.spec, 1.7, 1.8

Bret Richard McMillan bretm at fedoraproject.org
Fri Jul 10 18:13:28 UTC 2009


Author: bretm

Update of /cvs/pkgs/rpms/wordpress-mu/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15643

Modified Files:
	wordpress-mu.spec 
Added Files:
	cve-2009-2334.patch 
Log Message:
patch for cve-2009-2334

cve-2009-2334.patch:

--- NEW FILE cve-2009-2334.patch ---
diff --git a/wp-admin/includes/plugin.php b/wp-admin/includes/plugin.php
index 796c4c9..1dd38ce 100644
--- a/wp-admin/includes/plugin.php
+++ b/wp-admin/includes/plugin.php
@@ -541,7 +541,7 @@ function uninstall_plugin($plugin) {
 //
 
 function add_menu_page( $page_title, $menu_title, $access_level, $file, $function = '', $icon_url = '' ) {
-	global $menu, $admin_page_hooks;
+	global $menu, $admin_page_hooks, $_registered_pages;
 
 	$file = plugin_basename( $file );
 
@@ -556,11 +556,13 @@ function add_menu_page( $page_title, $menu_title, $access_level, $file, $functio
 
 	$menu[] = array ( $menu_title, $access_level, $file, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );
 
+	$_registered_pages[$hookname] = true;
+
 	return $hookname;
 }
 
 function add_object_page( $page_title, $menu_title, $access_level, $file, $function = '', $icon_url = '') {
-	global $menu, $admin_page_hooks, $_wp_last_object_menu;
+	global $menu, $admin_page_hooks, $_wp_last_object_menu, $_registered_pages;
 
 	$file = plugin_basename( $file );
 
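Review bot: `$_registered_pages` is written in add_menu_page() with no comment saying what it is for, and the same bare line is added to add_object_page(), add_utility_page() and add_submenu_page() in the later hunks. Because user_can_access_admin_page() now denies any plugin page whose hook is missing from this array, it is effectively an access-control allow-list and deserves a comment at each write, e.g. `// Allow-list entry: user_can_access_admin_page() rejects plugin pages whose hook is not recorded here.` No initialisation of the global is visible in this patch; the `isset()` on the read side tolerates that, but an explicit `$_registered_pages = array();` wherever the other menu globals are set up would make the contract clear. add_menu_page() starts before this hunk and add_object_page() continues past it.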
@@ -577,11 +579,13 @@ function add_object_page( $page_title, $menu_title, $access_level, $file, $funct
 
 	$menu[$_wp_last_object_menu] = array ( $menu_title, $access_level, $file, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );
 
+	$_registered_pages[$hookname] = true;
+
 	return $hookname;
 }
 
 function add_utility_page( $page_title, $menu_title, $access_level, $file, $function = '', $icon_url = '') {
-	global $menu, $admin_page_hooks, $_wp_last_utility_menu;
+	global $menu, $admin_page_hooks, $_wp_last_utility_menu, $_registered_pages;
 
 	$file = plugin_basename( $file );
 
@@ -598,6 +602,8 @@ function add_utility_page( $page_title, $menu_title, $access_level, $file, $func
 
 	$menu[$_wp_last_utility_menu] = array ( $menu_title, $access_level, $file, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );
 
+	$_registered_pages[$hookname] = true;
+
 	return $hookname;
 }
 
@@ -606,6 +612,7 @@ function add_submenu_page( $parent, $page_title, $menu_title, $access_level, $fi
 	global $menu;
 	global $_wp_real_parent_file;
 	global $_wp_submenu_nopriv;
+	global $_registered_pages;
 
 	$file = plugin_basename( $file );
 
@@ -635,6 +642,8 @@ function add_submenu_page( $parent, $page_title, $menu_title, $access_level, $fi
 	if (!empty ( $function ) && !empty ( $hookname ))
 		add_action( $hookname, $function );
 
+	$_registered_pages[$hookname] = true;
+
 	return $hookname;
 }
 
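Review bot: In add_submenu_page() the new `$_registered_pages[$hookname] = true;` runs even when `$hookname` is empty, a case the `!empty ( $hookname )` guard two lines above treats as possible. If that can happen, an empty-string key is stored, and a later lookup whose computed hook name is also empty would pass the `isset($_registered_pages[$hookname])` test in user_can_access_admin_page(). Guarding the write keeps the allow-list tight: `if ( !empty ( $hookname ) ) $_registered_pages[$hookname] = true;`. Whether get_plugin_page_hookname() can return an empty value is not visible here, so this is a defensive suggestion; the function body begins outside the hunk.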
@@ -859,14 +868,21 @@ function user_can_access_admin_page() {
 	global $_wp_menu_nopriv;
 	global $_wp_submenu_nopriv;
 	global $plugin_page;
+        global $_registered_pages;
 
 	$parent = get_admin_page_parent();
 
-	if ( isset( $_wp_submenu_nopriv[$parent][$pagenow] ) )
+        if ( !isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$parent][$pagenow] ) )
 		return false;
 
-	if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$parent][$plugin_page] ) )
-		return false;
+        if ( isset( $plugin_page ) ) {
+                if ( isset( $_wp_submenu_nopriv[$parent][$plugin_page] ) )
+                       return false;
+
+                $hookname = get_plugin_page_hookname($plugin_page, $parent);
+                if ( !isset($_registered_pages[$hookname]) )
+                        return false;
+        }
 
 	if ( empty( $parent) ) {
 		if ( isset( $_wp_menu_nopriv[$pagenow] ) )
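Review bot: The new `isset( $plugin_page )` block in user_can_access_admin_page() is the deny-by-default check this patch exists for, yet it carries no comment and is indented with spaces while the surrounding lines use tabs. A short comment above the lookup would record the intent, e.g. `// Fail closed: a plugin page is reachable only if an add_*_page() call registered its hook.` The check depends on `get_plugin_page_hookname($plugin_page, $parent)` yielding the same key that the add_*_page() functions stored. That cannot be verified from this hunk, though a mismatch would deny legitimate pages rather than admit unregistered ones. The function continues past the hunk.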
@@ -875,6 +891,8 @@ function user_can_access_admin_page() {
 			return false;
 		if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$pagenow][$plugin_page] ) )
 			return false;
+		if ( isset( $plugin_page ) && isset( $_wp_menu_nopriv[$plugin_page] ) )
+			return false;
 		foreach (array_keys( $_wp_submenu_nopriv ) as $key ) {
 			if ( isset( $_wp_submenu_nopriv[$key][$pagenow] ) )
 				return false;
@@ -884,6 +902,9 @@ function user_can_access_admin_page() {
 		return true;
 	}
 
+	if ( isset( $plugin_page ) && ( $plugin_page == $parent ) && isset( $_wp_menu_nopriv[$plugin_page] ) )
+		return false;
+
 	if ( isset( $submenu[$parent] ) ) {
 		foreach ( $submenu[$parent] as $submenu_array ) {
 			if ( isset( $plugin_page ) && ( $submenu_array[2] == $plugin_page ) ) {
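Review bot: The added check before the `$submenu[$parent]` loop compares `$plugin_page == $parent` loosely, and PHP treats two numeric-looking strings as equal under `==` even when they differ textually. Assuming both values are strings, `===` is the safer operator in an authorization path: `if ( isset( $plugin_page ) && ( $plugin_page === $parent ) && isset( $_wp_menu_nopriv[$plugin_page] ) )`. A false match here causes an extra denial rather than an extra grant, so the risk is low, and the neighbouring `$submenu_array[2] == $plugin_page` uses the same loose form. The function body extends beyond this hunk.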


Index: wordpress-mu.spec
===================================================================
RCS file: /cvs/pkgs/rpms/wordpress-mu/F-11/wordpress-mu.spec,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -p -r1.7 -r1.8
--- wordpress-mu.spec	25 Feb 2009 19:01:23 -0000	1.7
+++ wordpress-mu.spec	10 Jul 2009 18:12:58 -0000	1.8
@@ -2,12 +2,13 @@ Summary: WordPress-MU multi-user bloggin
 URL: http://mu.wordpress.org/latest.tar.gz
 Name: wordpress-mu
 Version: 2.7
-Release: 5%{?dist}
+Release: 6%{?dist}
 Group: Applications/Publishing
 License: GPLv2
 Source0: %{name}-%{version}.tar.gz
 Source1: wordpress-mu-httpd-conf
 Source2: README.fedora.wordpress-mu
+Patch0: cve-2009-2334.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: php >= 4.1.0, httpd, php-mysql
 BuildArch: noarch
@@ -18,6 +19,7 @@ one instance to serve multiple users.
 
 %prep
 %setup -q -n wordpress-mu
+%patch0 -p1 -b .patch1
 
 # disable-wordpress-core-update, updates are always installed via rpm
 #
@@ -98,6 +100,9 @@ rm -rf %{buildroot}
 %dir %{_sysconfdir}/wordpress-mu
 
 %changelog
+* Fri Jul 10 2009 Bret McMillan <bretm at redhat.com> - 2.7-6
+- Patch for CVE-2009-2334
+
 * Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.7-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
 



