rpms/glpi/EL-5 glpi-0.71.5.patch,NONE,1.1 glpi.spec,1.12,1.13
Remi Collet
remi at fedoraproject.org
Sun Apr 26 15:02:31 UTC 2009
Author: remi
Update of /cvs/extras/rpms/glpi/EL-5
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv23733
Modified Files:
glpi.spec
Added Files:
glpi-0.71.5.patch
Log Message:
post 0.71.5 patches from upstream
glpi-0.71.5.patch:
--- NEW FILE glpi-0.71.5.patch ---
Commits in branches/0.71-bugfixes after 0.71.5 released
7917 Cache clean when rule is deleted see #1227
7938 More security test
7963 correct styles
7978 restore problem
7985 Remove space when trying to build a user's dn
7994 fix memory_limit = -1 detection
7997 fix externalImportDropdown for phone
8060 fix cartridge time in stock / used computation - Fixed #1243
8100 don't delete dropdown ID=0
8186 Error when making an ldap request and login field is not present
8202 default profil with CAS - fixed #1259
8236 fix type in SQL request
Index: branches/0.71-bugfixes/ajax/dropdownValue.php
===================================================================
--- branches/0.71-bugfixes/ajax/dropdownValue.php (revision 7882)
+++ branches/0.71-bugfixes/ajax/dropdownValue.php (revision 7938)
@@ -52,4 +52,8 @@
checkLoginUser();
+// Security
+if (! TableExists($_POST['table']) ){
+ exit();
+}
if (isset($_POST["entity_restrict"])&&!is_numeric($_POST["entity_restrict"])&&!is_array($_POST["entity_restrict"])){
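Review bot: The added guard `TableExists($_POST['table'])` accepts any table that exists in the database, so it keeps a crafted identifier out of the query but does not limit the endpoint to the dropdown tables it is meant to serve. An explicit allowlist of permitted tables (and table/field pairs where a field is passed) would be tighter than an existence test. The guard also reads `$_POST['table']` without `isset()`, so a request that omits the parameter relies on how TableExists handles null; `if (!isset($_POST['table']) || !TableExists($_POST['table'])) { exit(); }` makes that explicit. The same existence-only check is added in dropdownUsersTracking.php, autocompletion.php, dropdownFindNum.php, comments.php, setup.dropdowns.php and entity.tree.php. TableExists and FieldExists are defined outside this patch, so their behaviour on unusual input is assumed here.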
Index: branches/0.71-bugfixes/ajax/dropdownUsersTracking.php
===================================================================
--- branches/0.71-bugfixes/ajax/dropdownUsersTracking.php (revision 7763)
+++ branches/0.71-bugfixes/ajax/dropdownUsersTracking.php (revision 7938)
@@ -47,4 +47,9 @@
checkCentralAccess();
+
+// Security
+if ( ! FieldExists("glpi_tracking",$_POST['field']) ){
+ exit();
+}
// Make a select box with all glpi users
Index: branches/0.71-bugfixes/ajax/autocompletion.php
===================================================================
--- branches/0.71-bugfixes/ajax/autocompletion.php (revision 7882)
+++ branches/0.71-bugfixes/ajax/autocompletion.php (revision 7938)
@@ -45,4 +45,10 @@
checkLoginUser();
+
+// Security
+if (! TableExists($_POST['table']) || ! FieldExists($_POST['table'],$_POST['field']) ){
+ exit();
+}
+
$entity="";
if (isset($_POST['entity_restrict'])&&$_POST['entity_restrict']>=0&&in_array($_POST['table'],$CFG_GLPI["specif_entities_tables"])){
Index: branches/0.71-bugfixes/ajax/dropdownFindNum.php
===================================================================
--- branches/0.71-bugfixes/ajax/dropdownFindNum.php (revision 7882)
+++ branches/0.71-bugfixes/ajax/dropdownFindNum.php (revision 7938)
@@ -41,4 +41,9 @@
checkRight("create_ticket","1");
+
+// Security
+if (! TableExists($_POST['table']) ){
+ exit();
+}
$where="";
Index: branches/0.71-bugfixes/ajax/comments.php
===================================================================
--- branches/0.71-bugfixes/ajax/comments.php (revision 7763)
+++ branches/0.71-bugfixes/ajax/comments.php (revision 7938)
@@ -44,4 +44,9 @@
checkLoginUser();
+// Security
+if (! TableExists($_POST['table']) ){
+ exit();
+}
+
if (isset($_POST["table"])&&isset($_POST["value"])){
switch ($_POST["table"]){
Index: branches/0.71-bugfixes/front/backup.php
===================================================================
--- branches/0.71-bugfixes/front/backup.php (revision 7883)
+++ branches/0.71-bugfixes/front/backup.php (revision 7978)
@@ -288,5 +288,6 @@
$buffer=fgets($fileHandle,102400);
- if(substr($buffer, 0, 1) != "#")
+ // do not strip comments due to problems when # in begin of a data line
+ //if(substr($buffer, 0, 1) != "#")
{
$formattedQuery .= $buffer;
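Review bot: Commenting out the `if` leaves a bare `{ ... }` block and a line of dead code around `$formattedQuery .= $buffer;`. Deleting the old condition and the braces would read better, with the reason kept as a comment such as `// keep lines starting with '#': they may be data, not SQL comments`. The loop this belongs to starts and ends outside the hunk.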
@@ -295,5 +296,5 @@
// Do not use the $DB->query
- if ($DB->query($formattedQuery)) //r�ssie sinon continue �conca&t�er
+ if ($DB->query($formattedQuery)) //if no success continue to concatenate
{
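Review bot: The translated comment `//if no success continue to concatenate` sits on the branch taken when the query succeeds, so it reads as the opposite of what the condition tests. Something like `// query succeeded; otherwise keep concatenating lines` matches the code. The context comment `// Do not use the $DB->query` directly above also contradicts the call on the next line and could be corrected at the same time.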
Index: branches/0.71-bugfixes/front/setup.dropdowns.php
===================================================================
--- branches/0.71-bugfixes/front/setup.dropdowns.php (revision 7763)
+++ branches/0.71-bugfixes/front/setup.dropdowns.php (revision 8100)
@@ -52,4 +52,15 @@
elseif (isset($_GET["which"]))$which=$_GET["which"];
else $which="";
+
+
+// Security
+if (!empty($which) && ! TableExists($which) ){
+ exit();
+}
+
+// Security
+if (isset($_POST["tablename"]) && ! TableExists($_POST["tablename"]) ){
+ exit();
+}
if (isset($_GET["where"]))$where=$_GET["where"];
@@ -104,5 +115,5 @@
glpi_header($_SERVER['PHP_SELF']."?which=$which&value2=$value2&tomove=$tomove&where=$where&type=$type&FK_entities=$FK_entities");
-} else if (isset($_POST["delete"])) {
+} else if (isset($_POST["delete"]) && $_POST["ID"]>0) {
if(dropdownUsed($_POST["tablename"], $_POST["ID"]) && empty($_POST["forcedelete"])) {
if (!ereg("popup",$_SERVER['PHP_SELF'])){
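Review bot: The new condition `$_POST["ID"]>0` is a loose numeric comparison and does not establish that ID is an integer, because a value with a leading digit followed by other text still compares greater than zero. The value then goes to `dropdownUsed()` and presumably on to the delete, so it should be validated first, e.g. `} else if (isset($_POST["delete"]) && isset($_POST["ID"]) && is_numeric($_POST["ID"]) && $_POST["ID"]>0) {`. The branch body continues outside the hunk.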
Index: branches/0.71-bugfixes/front/entity.tree.php
===================================================================
--- branches/0.71-bugfixes/front/entity.tree.php (revision 7763)
+++ branches/0.71-bugfixes/front/entity.tree.php (revision 7938)
@@ -46,4 +46,10 @@
$which=ENTITY_TYPE;
+
+// Security
+if (isset($_POST["tablename"]) && ! TableExists($_POST["tablename"]) ){
+ exit();
+}
+
if (isset($_GET["where"]))$where=$_GET["where"];
Index: branches/0.71-bugfixes/css/styles.css
===================================================================
--- branches/0.71-bugfixes/css/styles.css (revision 7763)
+++ branches/0.71-bugfixes/css/styles.css (revision 7963)
@@ -39,4 +39,5 @@
margin: 0;
padding: 0;
+ background: white;
}
@@ -156,11 +157,14 @@
font-size: 11px;
border: 1px solid #888888;
+ color: black;
+ background-color: white;
}
textarea, input {
-background-color:#FAFAFA;
-border: 1px solid #888888;
-font-size: 11px;
+ background-color:#FAFAFA;
+ color: black;
+ border: 1px solid #888888;
+ font-size: 11px;
}
Index: branches/0.71-bugfixes/inc/search.function.php
===================================================================
--- branches/0.71-bugfixes/inc/search.function.php (revision 7763)
+++ branches/0.71-bugfixes/inc/search.function.php (revision 7929)
@@ -1473,4 +1473,9 @@
function addOrderBy($type,$ID,$order,$key=0){
global $SEARCH_OPTION,$CFG_GLPI,$PLUGIN_HOOKS;
+
+ // Security test for order
+ if ($order!="ASC"){
+ $order="DESC";
+ }
$table=$SEARCH_OPTION[$type][$ID]["table"];
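Review bot: The allowlist on `$order` uses the loose `!=`, so under PHP 5 comparison rules a non-string value such as integer `0` or boolean `true` compares equal to "ASC" and passes through unchanged, presumably into the ORDER BY clause. `if ($order!=="ASC"){ $order="DESC"; }` closes that gap. A lowercase `asc` will sort descending either way, which may deserve a one-line comment. addOrderBy continues outside the hunk.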
Index: branches/0.71-bugfixes/inc/ldap.function.php
===================================================================
--- branches/0.71-bugfixes/inc/ldap.function.php (revision 7875)
+++ branches/0.71-bugfixes/inc/ldap.function.php (revision 8186)
@@ -433,12 +433,18 @@
if (!$sync)
{
- $ldap_users[$info[$ligne][$config_ldap->fields['ldap_login']][0]] = $info[$ligne][$config_ldap->fields['ldap_login']][0];
- $user_infos[$info[$ligne][$config_ldap->fields['ldap_login']][0]]["timestamp"]=ldapStamp2UnixStamp($info[$ligne]['modifytimestamp'][0],$config_ldap->fields['timezone'],true);
+ if (in_array($config_ldap->fields['ldap_login'],$info[$ligne]))
+ {
+ $ldap_users[$info[$ligne][$config_ldap->fields['ldap_login']][0]] = $info[$ligne][$config_ldap->fields['ldap_login']][0];
+ $user_infos[$info[$ligne][$config_ldap->fields['ldap_login']][0]]["timestamp"]=ldapStamp2UnixStamp($info[$ligne]['modifytimestamp'][0],$config_ldap->fields['timezone'],true);
+ }
}
else
{
//If ldap synchronisation
- $ldap_users[$info[$ligne][$config_ldap->fields['ldap_login']][0]] = ldapStamp2UnixStamp($info[$ligne]['modifytimestamp'][0],$config_ldap->fields['timezone'],true);
- $user_infos[$info[$ligne][$config_ldap->fields['ldap_login']][0]]["timestamp"]=ldapStamp2UnixStamp($info[$ligne]['modifytimestamp'][0],$config_ldap->fields['timezone'],true);
+ if (in_array($config_ldap->fields['ldap_login'],$info[$ligne]))
+ {
+ $ldap_users[$info[$ligne][$config_ldap->fields['ldap_login']][0]] = ldapStamp2UnixStamp($info[$ligne]['modifytimestamp'][0],$config_ldap->fields['timezone'],true);
+ $user_infos[$info[$ligne][$config_ldap->fields['ldap_login']][0]]["timestamp"]=ldapStamp2UnixStamp($info[$ligne]['modifytimestamp'][0],$config_ldap->fields['timezone'],true);
+ }
}
}
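Review bot: `in_array($config_ldap->fields['ldap_login'],$info[$ligne])` searches the entry's values with loose comparison, while the lines it protects index the entry by key. If `$info` comes from ldap_get_entries() (the call is outside the hunk), each entry also carries an integer `count`, and under PHP 5 a non-numeric attribute name compares equal to `0`, so an entry with no attributes would pass the test and still hit the missing index. `if (isset($info[$ligne][$config_ldap->fields['ldap_login']][0]))` tests exactly what is dereferenced. The same applies to the second copy of the check in the synchronisation branch.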
Index: branches/0.71-bugfixes/inc/user.class.php
===================================================================
--- branches/0.71-bugfixes/inc/user.class.php (revision 7875)
+++ branches/0.71-bugfixes/inc/user.class.php (revision 8202)
@@ -239,8 +239,8 @@
$this->syncLdapGroups($input);
- $this->applyRightRules($input);
+ $rulesplayed = $this->applyRightRules($input);
// Add default profile
- if ($input['auth_method']==AUTH_DB_GLPI || (isAlternateAuthWithLdap($input['auth_method']))){
+ if (!$rulesplayed){
$sql_default_profile = "SELECT ID FROM glpi_profiles WHERE is_default=1";
$result = $DB->query($sql_default_profile);
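Review bot: Replacing the auth-method test with `if (!$rulesplayed)` means the default profile is now granted for every authentication method whenever applyRightRules() returns false, which widens an authorisation decision without explaining it at the call site. A comment such as `// Rule engine did not run for this user: fall back to the default profile, whatever the auth method (see #1259)` would record the intent. It is also worth confirming what a user ends up with when the rule engine runs but no rule matches, since that path returns true and skips the default. The body of applyRightRules is only partly visible in this patch.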
@@ -322,4 +322,6 @@
*
*@param $input data used to apply rules
+ *
+ *@return boolean : true if we play the Rule Engine
**/
function applyRightRules($input){
@@ -388,6 +390,9 @@
//Unset all the temporary tables
unset($input["_ldap_rules"]);
- }
-
+
+ return true;
+ }
+ return false;
+
}
/**
Index: branches/0.71-bugfixes/inc/tracking.function.php
===================================================================
--- branches/0.71-bugfixes/inc/tracking.function.php (revision 7899)
+++ branches/0.71-bugfixes/inc/tracking.function.php (revision 7946)
@@ -834,5 +834,5 @@
dropdownValue("glpi_groups", "assign_group", $assign_group,1,$_SESSION["glpiactive_entity"]);
- } else if (haveRight("steal_ticket","1")) {
+ } else { // steal active
echo $LANG["job"][6].": ";
dropdownUsers("assign",$assign,"ID",0,1,$_SESSION["glpiactive_entity"]);
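Review bot: The `haveRight("steal_ticket","1")` test is dropped from this branch and replaced by the comment `// steal active`, so the user dropdown is now rendered for every caller that reaches the `else`. The conditions that precede it are outside the hunk; if they do not already imply the steal_ticket right, the assignment form is shown to users who lack it, and the handler that processes the submitted `assign` value has to enforce the right itself. A fuller comment stating which earlier condition makes the check redundant would help, e.g. `// reached only when <condition>; steal_ticket already verified above`.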
Index: branches/0.71-bugfixes/inc/cartridge.function.php
===================================================================
--- branches/0.71-bugfixes/inc/cartridge.function.php (revision 7763)
+++ branches/0.71-bugfixes/inc/cartridge.function.php (revision 8060)
@@ -345,6 +345,6 @@
echo $date_use;
- $tmp_dbeg=split("-",$date_in);
- $tmp_dend=split("-",$date_use);
+ $tmp_dbeg=split("-",$data["date_in"]);
+ $tmp_dend=split("-",$data["date_use"]);
$stock_time_tmp= mktime(0,0,0,$tmp_dend[1],$tmp_dend[2],$tmp_dend[0])
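Review bot: The corrected lines still call `split()`, a regex function deprecated since PHP 5.3, for a fixed delimiter; `explode("-",$data["date_in"])` does the same without the regex engine. Nothing in the hunk checks that the date has three parts before `$tmp_dend[1]` and `$tmp_dend[2]` go to mktime(), so a NULL or empty `date_use` would produce notices and a wrong timestamp. The second hunk of this file (use time) has the same two lines.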
@@ -356,6 +356,6 @@
if ($old!=0){
- $tmp_dbeg=split("-",$date_use);
- $tmp_dend=split("-",$date_out);
+ $tmp_dbeg=split("-",$data["date_use"]);
+ $tmp_dend=split("-",$data["date_out"]);
$use_time_tmp= mktime(0,0,0,$tmp_dend[1],$tmp_dend[2],$tmp_dend[0])
Index: branches/0.71-bugfixes/inc/reminder.class.php
===================================================================
--- branches/0.71-bugfixes/inc/reminder.class.php (revision 7763)
+++ branches/0.71-bugfixes/inc/reminder.class.php (revision 7926)
@@ -56,5 +56,9 @@
global $LANG;
- if(empty($input["name"])) $input["name"]=$LANG["reminder"][15];
+
+ $input["name"] = trim($input["name"]);
+ if(empty($input["name"])) {
+ $input["name"]=$LANG["reminder"][15];
+ }
$input["begin"] = $input["end"] = "0000-00-00 00:00:00";
@@ -84,5 +88,8 @@
global $LANG;
- if(empty($input["name"])) $input["name"]=$LANG["reminder"][15];
+ $input["name"] = trim($input["name"]);
+ if(empty($input["name"])) {
+ $input["name"]=$LANG["reminder"][15];
+ }
Index: branches/0.71-bugfixes/inc/common.function.php
===================================================================
--- branches/0.71-bugfixes/inc/common.function.php (revision 7882)
+++ branches/0.71-bugfixes/inc/common.function.php (revision 7994)
@@ -563,5 +563,5 @@
//if(empty($mem)) {$mem=get_cfg_var("memory_limit");} // Sous Win l'ini_get ne retourne rien.....
- preg_match("/([0-9]+)([KMG]*)/",$mem,$matches);
+ preg_match("/([-0-9]+)([KMG]*)/",$mem,$matches);
// no K M or G
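Review bot: `[-0-9]+` accepts a minus sign anywhere in the number, including between digits, and the pattern is not anchored, so it matches more than the `-1` it is meant to admit. `preg_match("/^(-?[0-9]+)([KMG]?)/",$mem,$matches);` states the intent exactly. The return value of preg_match is not checked in the visible lines, so `$matches` may be empty when `$mem` is unset.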
@@ -666,5 +666,5 @@
$value = is_array($value) ?
array_map('addslashes_deep', $value) :
- (is_null($value) ? NULL : addslashes($value));
+ (is_null($value) ? NULL : mysql_real_escape_string($value));
return $value;
}
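Review bot: `mysql_real_escape_string()` needs an open MySQL link and returns FALSE with a warning when none is available, so after this change addslashes_deep() can silently replace a request value with FALSE if it runs before the database connection exists. inc/includes.php applies this function to all of `$_POST` and `$_GET`; whether the connection is opened before that point is not visible in this patch and should be confirmed. The escaping also depends on the connection character set, and the function name no longer describes what it does, which deserves a docblock line such as `// escapes with the current MySQL link; requires an open connection`.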
@@ -680,6 +680,6 @@
*/
function clean_cross_side_scripting_deep($value) {
- $in=array("<",">");
- $out=array("<",">");
+ $in=array('<','>');
+ $out=array("<",">");
$value = is_array($value) ?
array_map('clean_cross_side_scripting_deep', $value) :
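Review bot: This filter rewrites only `<` and `>`; single quotes, double quotes and `&` are left as they are, so a value echoed inside an HTML attribute is not covered by it and still needs `htmlspecialchars($value, ENT_QUOTES)` at the output site. As rendered on this page `$in` and `$out` look identical, presumably because the archive decoded the entities in `$out`. The next hunk makes unclean_cross_side_scripting_deep() recurse into itself rather than into the encoder, and its result contains raw markup again, so it should not be written to a page without re-encoding. Both function bodies extend past their hunks.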
@@ -695,8 +695,8 @@
*/
function unclean_cross_side_scripting_deep($value) {
- $in=array("<",">");
- $out=array("<",">");
+ $in=array('<','>');
+ $out=array("<",">");
$value = is_array($value) ?
- array_map('clean_cross_side_scripting_deep', $value) :
+ array_map('unclean_cross_side_scripting_deep', $value) :
(is_null($value) ? NULL : str_replace($out,$in,$value));
return $value;
Index: branches/0.71-bugfixes/inc/software.function.php
===================================================================
--- branches/0.71-bugfixes/inc/software.function.php (revision 7875)
+++ branches/0.71-bugfixes/inc/software.function.php (revision 8236)
@@ -1173,5 +1173,5 @@
$query .= " AND expire IS NULL";
} else {
- $query .= " AND .expire = '" . addslashes($lic->fields['expire']) . "'";
+ $query .= " AND expire = '" . addslashes($lic->fields['expire']) . "'";
}
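Review bot: The corrected line still builds the clause by concatenation and escapes with `addslashes()`, while this same patch moves addslashes_deep() to `mysql_real_escape_string()`. Using the connection-aware escaper here as well, `$query .= " AND expire = '" . mysql_real_escape_string($lic->fields['expire']) . "'";`, keeps the two consistent. The value comes from `$lic->fields`, whose origin is outside the hunk.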
Index: branches/0.71-bugfixes/inc/rulesengine.class.php
===================================================================
--- branches/0.71-bugfixes/inc/rulesengine.class.php (revision 7901)
+++ branches/0.71-bugfixes/inc/rulesengine.class.php (revision 7917)
@@ -2093,4 +2093,9 @@
}
+ function cleanDBonPurge($ID){
+ parent::cleanDBonPurge($ID);
+ $this->deleteCacheByRuleId($ID);
+ }
+
function post_updateItem($input,$updates,$history=1) {
if(isset($updates['match']))
Index: branches/0.71-bugfixes/inc/auth.function.php
===================================================================
--- branches/0.71-bugfixes/inc/auth.function.php (revision 7882)
+++ branches/0.71-bugfixes/inc/auth.function.php (revision 7985)
@@ -993,5 +993,5 @@
return $info[0]['dn'];
} else { // Si echec, essayer de deviner le DN / Flat LDAP
- $dn = "$login_attr=$login, " . $basedn;
+ $dn = "$login_attr=$login," . $basedn;
return $dn;
}
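Review bot: `$login` is concatenated into the DN without escaping the characters that are special in a distinguished name (RFC 4514), so a login containing one of them yields a different DN from the one intended. The value should be escaped before the string is built, with `ldap_escape($login, '', LDAP_ESCAPE_DN)` where PHP 5.6 or later is available, or with a small helper on older versions. The global request filter in inc/includes.php adds backslashes for SQL, which is not DN escaping. The function continues outside the hunk.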
Index: branches/0.71-bugfixes/inc/includes.php
===================================================================
--- branches/0.71-bugfixes/inc/includes.php (revision 7763)
+++ branches/0.71-bugfixes/inc/includes.php (revision 7934)
@@ -95,16 +95,18 @@
// Security system
if (isset($_POST)){
- if (!get_magic_quotes_gpc()){
- $_POST = array_map('addslashes_deep', $_POST);
+ if (get_magic_quotes_gpc()){
+ $_POST = array_map('stripslashes_deep', $_POST);
}
+
+ $_POST = array_map('addslashes_deep', $_POST);
$_POST = array_map('clean_cross_side_scripting_deep', $_POST);
}
if (isset($_GET)){
- if (!get_magic_quotes_gpc()){
- $_GET = array_map('addslashes_deep', $_GET);
+ if (get_magic_quotes_gpc()){
+ $_GET = array_map('stripslashes_deep', $_GET);
}
+ $_GET = array_map('addslashes_deep', $_GET);
$_GET = array_map('clean_cross_side_scripting_deep', $_GET);
}
-
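Review bot: `array_map('addslashes_deep', $_POST)` escapes values only, so the keys of the request arrays and of any nested arrays reach later code unfiltered, and the visible block does not touch `$_COOKIE` or `$_REQUEST`, which PHP fills separately from `$_POST` and `$_GET`. If any code builds SQL or HTML from a parameter name, or reads `$_REQUEST`, that input bypasses this layer; this should be confirmed, since the rest of the file is outside the hunk. A comment above the block such as `// normalise magic quotes, then escape for SQL and encode < >; values only, keys are not filtered` would set the right expectation.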
Index: branches/0.71-bugfixes/inc/rulesengine.function.php
===================================================================
--- branches/0.71-bugfixes/inc/rulesengine.function.php (revision 7875)
+++ branches/0.71-bugfixes/inc/rulesengine.function.php (revision 7997)
@@ -367,5 +367,5 @@
case "glpi_type_networking":
return getRuleCollectionClass(RULE_DICTIONNARY_TYPE_NETWORKING);
- case "glpi_dropdown_type_phone":
+ case "glpi_type_phones":
return getRuleCollectionClass(RULE_DICTIONNARY_TYPE_PHONE);
case "glpi_dropdown_os":
Index: glpi.spec
===================================================================
RCS file: /cvs/extras/rpms/glpi/EL-5/glpi.spec,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- glpi.spec 26 Jan 2009 21:26:34 -0000 1.12
+++ glpi.spec 26 Apr 2009 15:02:01 -0000 1.13
@@ -6,7 +6,7 @@
Name: glpi
Version: 0.71.5
-Release: 1%{?dist}
+Release: 3%{?dist}
Summary: Free IT asset management software
Summary(fr): Gestion Libre de Parc Informatique
@@ -23,6 +23,9 @@
# backport from 0.72 (Changeset 7208)
Patch0: glpi-check.patch
+# Post 0.71.5 patches from SVN
+# https://dev.indepnet.net/glpi/changeset?format=diff&new=8236&old=7910&new_path=branches/0.71-bugfixes&old_path=branches/0.71-bugfixes
+Patch1: glpi-0.71.5.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
@@ -67,6 +70,7 @@
%setup -q -n glpi
%patch0 -p0
+%patch1 -p2
%if 0%{?rhel} == 4
@@ -230,6 +234,9 @@
%changelog
+* Sun Apr 26 2009 Remi Collet <Fedora at FamilleCollet.com> - 0.71.5-3
+- post 0.71.5 patches
+
* Mon Jan 26 2009 Remi Collet <Fedora at FamilleCollet.com> - 0.71.5-1
- update to 0.71.5 (Fix regression in 0.71.4)