[SCM] BOINC packaging branch, wheezy, updated. debian/7.0.27+dfsg-5-21-g8ddb22e
Guo Yixuan
culu.gyx at gmail.com
Thu Jun 27 02:20:12 UTC 2013
The following commit has been merged in the wheezy branch:
commit 22260b89a3cb105b8343f0c8defcf85eeb8b508a
Author: Guo Yixuan <culu.gyx at gmail.com>
Date: Thu Jun 27 10:17:26 2013 +0800
commented patch for html/user/submit.php in CVE-2013-2018-2-SQL-injections.patch
html/user/submit.php has changed too much between 7.0.27 and the patch
diff --git a/debian/patches/CVE-2013-2018-2-SQL-injections.patch b/debian/patches/CVE-2013-2018-2-SQL-injections.patch
index 7b38f77..725892a 100644
--- a/debian/patches/CVE-2013-2018-2-SQL-injections.patch
+++ b/debian/patches/CVE-2013-2018-2-SQL-injections.patch
@@ -23,18 +23,18 @@ index 2dfef55..625ca52 100644
$app = BossaApp::lookup("short_name='$name'");
if (!$app) return 0;
return $app->id;
-diff --git a/html/user/submit.php b/html/user/submit.php
-index ebaf385..4d8d7c5 100644
---- a/html/user/submit.php
-+++ b/html/user/submit.php
-@@ -196,6 +196,7 @@ function handle_main($user) {
- ";
- $x = "";
- foreach ($submit_urls as $appname=>$submit_url) {
-+ $appname = BoincDb::escape_string($appname);
- $app = BoincApp::lookup("name='$appname'");
- if (!$app) error_page("bad submit_url name: $appname");
- $usa = BoincUserSubmitApp::lookup("user_id=$user->id and app_id=$app->id");
+#diff --git a/html/user/submit.php b/html/user/submit.php
+#index ebaf385..4d8d7c5 100644
+#--- a/html/user/submit.php
+#+++ b/html/user/submit.php
+#@@ -196,6 +196,7 @@ function handle_main($user) {
+# ";
+# $x = "";
+# foreach ($submit_urls as $appname=>$submit_url) {
+#+ $appname = BoincDb::escape_string($appname);
+# $app = BoincApp::lookup("name='$appname'");
+# if (!$app) error_page("bad submit_url name: $appname");
+# $usa = BoincUserSubmitApp::lookup("user_id=$user->id and app_id=$app->id");
diff --git a/html/user/submit_rpc_handler.php b/html/user/submit_rpc_handler.php
index 9a2686a..e3b6d15 100644
--- a/html/user/submit_rpc_handler.php
--
BOINC packaging
More information about the pkg-boinc-commits
mailing list