rpms/wordpress-mu/F-10 cve-2009-2334.patch, NONE, 1.1 sources, 1.3, 1.4 wordpress-mu.spec, 1.4, 1.5
Bret Richard McMillan
bretm at fedoraproject.org
Fri Jul 10 18:39:23 UTC 2009
Author: bretm
Update of /cvs/pkgs/rpms/wordpress-mu/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28687
Modified Files:
sources wordpress-mu.spec
Added Files:
cve-2009-2334.patch
Log Message:
patch for cve-2009-2334
cve-2009-2334.patch:
--- NEW FILE cve-2009-2334.patch ---
diff --git a/wp-admin/includes/plugin.php b/wp-admin/includes/plugin.php
index 796c4c9..1dd38ce 100644
--- a/wp-admin/includes/plugin.php
+++ b/wp-admin/includes/plugin.php
@@ -541,7 +541,7 @@ function uninstall_plugin($plugin) {
//
function add_menu_page( $page_title, $menu_title, $access_level, $file, $function = '', $icon_url = '' ) {
- global $menu, $admin_page_hooks;
+ global $menu, $admin_page_hooks, $_registered_pages;
$file = plugin_basename( $file );
@@ -556,11 +556,13 @@ function add_menu_page( $page_title, $menu_title, $access_level, $file, $functio
$menu[] = array ( $menu_title, $access_level, $file, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );
+ $_registered_pages[$hookname] = true;
+
return $hookname;
}
function add_object_page( $page_title, $menu_title, $access_level, $file, $function = '', $icon_url = '') {
- global $menu, $admin_page_hooks, $_wp_last_object_menu;
+ global $menu, $admin_page_hooks, $_wp_last_object_menu, $_registered_pages;
$file = plugin_basename( $file );
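Review bot: `$_registered_pages` is introduced as a new global with no comment and no visible initialisation, although `user_can_access_admin_page()` later in this patch uses it as an allow-list. A short comment at the assignment would help, for example `// Allow-list of registered admin page hooks; an entry means "registered", not "the current user is authorised".` The same assignment is added to `add_object_page()`, `add_utility_page()` and `add_submenu_page()` in the following hunks, so the comment applies to all four. Both functions touched here begin or end outside this hunk.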
@@ -577,11 +579,13 @@ function add_object_page( $page_title, $menu_title, $access_level, $file, $funct
$menu[$_wp_last_object_menu] = array ( $menu_title, $access_level, $file, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );
+ $_registered_pages[$hookname] = true;
+
return $hookname;
}
function add_utility_page( $page_title, $menu_title, $access_level, $file, $function = '', $icon_url = '') {
- global $menu, $admin_page_hooks, $_wp_last_utility_menu;
+ global $menu, $admin_page_hooks, $_wp_last_utility_menu, $_registered_pages;
$file = plugin_basename( $file );
@@ -598,6 +602,8 @@ function add_utility_page( $page_title, $menu_title, $access_level, $file, $func
$menu[$_wp_last_utility_menu] = array ( $menu_title, $access_level, $file, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );
+ $_registered_pages[$hookname] = true;
+
return $hookname;
}
@@ -606,6 +612,7 @@ function add_submenu_page( $parent, $page_title, $menu_title, $access_level, $fi
global $menu;
global $_wp_real_parent_file;
global $_wp_submenu_nopriv;
+ global $_registered_pages;
$file = plugin_basename( $file );
@@ -635,6 +642,8 @@ function add_submenu_page( $parent, $page_title, $menu_title, $access_level, $fi
if (!empty ( $function ) && !empty ( $hookname ))
add_action( $hookname, $function );
+ $_registered_pages[$hookname] = true;
+
return $hookname;
}
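Review bot: The new `$_registered_pages[$hookname] = true;` runs unconditionally, because the unbraced `if` above it guards only the `add_action()` call, so an entry is recorded even when `$hookname` is empty. Since the map is consulted as an allow-list, I would guard the write: `if ( !empty( $hookname ) ) $_registered_pages[$hookname] = true;`. Whether an empty hook name can actually reach this line depends on code outside the hunk (the function starts before it), so this is defensive hardening rather than a confirmed bug.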
@@ -859,14 +868,21 @@ function user_can_access_admin_page() {
global $_wp_menu_nopriv;
global $_wp_submenu_nopriv;
global $plugin_page;
+ global $_registered_pages;
$parent = get_admin_page_parent();
- if ( isset( $_wp_submenu_nopriv[$parent][$pagenow] ) )
+ if ( !isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$parent][$pagenow] ) )
return false;
- if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$parent][$plugin_page] ) )
- return false;
+ if ( isset( $plugin_page ) ) {
+ if ( isset( $_wp_submenu_nopriv[$parent][$plugin_page] ) )
+ return false;
+
+ $hookname = get_plugin_page_hookname($plugin_page, $parent);
+ if ( !isset($_registered_pages[$hookname]) )
+ return false;
+ }
if ( empty( $parent) ) {
if ( isset( $_wp_menu_nopriv[$pagenow] ) )
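Review bot: The first condition now skips the `$_wp_submenu_nopriv[$parent][$pagenow]` denial whenever `$plugin_page` is set, which relaxes an existing check inside a security fix without saying why. If the intent is that plugin pages are judged by their own entries, a comment above it should say so, for example `// Plugin pages are checked against their own nopriv entry and the registration list below, not against $pagenow.` The new fail-closed test on `$_registered_pages[$hookname]` only works if every `add_*_page()` call has run before this function is called. Pages registered later would be refused, so that ordering assumption deserves a line in the function's header comment. The function starts before and continues after this hunk.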
@@ -875,6 +891,8 @@ function user_can_access_admin_page() {
return false;
if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$pagenow][$plugin_page] ) )
return false;
+ if ( isset( $plugin_page ) && isset( $_wp_menu_nopriv[$plugin_page] ) )
+ return false;
foreach (array_keys( $_wp_submenu_nopriv ) as $key ) {
if ( isset( $_wp_submenu_nopriv[$key][$pagenow] ) )
return false;
@@ -884,6 +902,9 @@ function user_can_access_admin_page() {
return true;
}
+ if ( isset( $plugin_page ) && ( $plugin_page == $parent ) && isset( $_wp_menu_nopriv[$plugin_page] ) )
+ return false;
+
if ( isset( $submenu[$parent] ) ) {
foreach ( $submenu[$parent] as $submenu_array ) {
if ( isset( $plugin_page ) && ( $submenu_array[2] == $plugin_page ) ) {
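Review bot: The added guard compares with `$plugin_page == $parent`, and loose comparison of two strings in PHP treats numeric-looking values as numbers. Here a looser match can only widen a refusal, so it errs on the safe side, but in an authorisation function strict comparison is easier to reason about: `if ( isset( $plugin_page ) && ( $plugin_page === $parent ) && isset( $_wp_menu_nopriv[$plugin_page] ) )`. The context line below uses the same `==` on `$submenu_array[2]`, so this may be a file-wide style question. The function body continues outside the hunk.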
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/wordpress-mu/F-10/sources,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- sources 8 Dec 2008 21:29:39 -0000 1.3
+++ sources 10 Jul 2009 18:39:23 -0000 1.4
@@ -1 +1 @@
-bbdf44968b188d7416292a42efc7463c wordpress-mu-2.6.5.tar.gz
+b7d119c663833a3fe00d30224530447e wordpress-mu-2.7.tar.gz
Index: wordpress-mu.spec
===================================================================
RCS file: /cvs/pkgs/rpms/wordpress-mu/F-10/wordpress-mu.spec,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- wordpress-mu.spec 8 Apr 2009 16:04:35 -0000 1.4
+++ wordpress-mu.spec 10 Jul 2009 18:39:23 -0000 1.5
@@ -1,14 +1,14 @@
Summary: WordPress-MU multi-user blogging software
URL: http://mu.wordpress.org/latest.tar.gz
Name: wordpress-mu
-Version: 2.6.5
-Release: 2%{?dist}
+Version: 2.7
+Release: 6%{?dist}
Group: Applications/Publishing
License: GPLv2
Source0: %{name}-%{version}.tar.gz
Source1: wordpress-mu-httpd-conf
Source2: README.fedora.wordpress-mu
-Patch0: cve-2009-1030.patch
+Patch0: cve-2009-2334.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: php >= 4.1.0, httpd, php-mysql
BuildArch: noarch
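Review bot: `Patch0` is replaced rather than supplemented, so the package no longer applies `cve-2009-1030.patch`, and neither the changelog entry nor a spec comment states that 2.7 already contains that fix. Please confirm it against the 2.7 sources and, once confirmed, record it above `Patch0:`, for example `# cve-2009-1030.patch dropped: fix included upstream in 2.7`. Separately, the `URL:` context line points at an unversioned `latest.tar.gz` over plain HTTP, so the integrity of the tarball rests on the checksum in `sources`.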
@@ -18,8 +18,8 @@ WordPress-MU is a derivative of the Word
one instance to serve multiple users.
%prep
-%setup -q
-%patch0 -b .patch0
+%setup -q -n wordpress-mu
+%patch0 -p1 -b .patch1
# disable-wordpress-core-update, updates are always installed via rpm
#
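Review bot: `%patch0 -p1 -b .patch1` keeps a pre-patch copy of each patched file, under a suffix that does not match the patch number. The unpatched `wp-admin/includes/plugin.php` is therefore left beside the fixed one as `plugin.php.patch1`. If `%install` copies the tree recursively (not visible in this hunk), that backup would be shipped under the web root. I would drop `-b`, or use a descriptive suffix such as `-b .cve-2009-2334` and make sure backup files are excluded from the installed tree.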
@@ -28,7 +28,6 @@ one instance to serve multiple users.
echo "<?php // update script removed, updates via RPMs for Fedora ?>" > wp-includes/update.php
-
%build
@@ -98,10 +97,15 @@ rm -rf %{buildroot}
%{_datadir}/wordpress-mu/wp-signup.php
%{_datadir}/wordpress-mu/wp-trackback.php
%{_datadir}/wordpress-mu/xmlrpc.php
-%{_datadir}/wordpress-mu/favicon.ico
%dir %{_sysconfdir}/wordpress-mu
%changelog
+* Fri Jul 10 2009 Bret McMillan <bretm at redhat.com> - 2.7-6
+- Patch for CVE-2009-2334
+- Update to version 2.7
+- Alter source prep so I can still use upstream's tarball
+- favicon.ico removed from manifest
+
* Tue Apr 7 2009 Bret McMillan <bretm at redhat.com> - 2.6.5-2
- Patch for CVE-2009-1030