[pkg-horde] [SCM] Debian Horde Packages repository: horde3 package branch, debian-lenny, updated. 282abc8ed07be464512b1fca64760b7f299093a3
Gregory Colpart
reg at debian.org
Sat Oct 30 23:34:41 UTC 2010
The following commit has been merged in the debian-lenny branch:
commit 282abc8ed07be464512b1fca64760b7f299093a3
Author: Gregory Colpart <reg at debian.org>
Date: Sun Oct 31 01:03:20 2010 +0200
Backport security patches from version 3.3.9
diff --git a/debian/changelog b/debian/changelog
index 29e18cc..be0f462 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,9 @@
-horde3 (3.2.2+debian0-2+lenny3) stable; urgency=low
+horde3 (3.2.2+debian0-2+lenny3) stable-security; urgency=high
* Fix typo in patch for CVE-2009-3236.
+ * Fix CVE-2010-3077 and CVE-2010-3694 (Closes: #598582)
- -- Gregory Colpart <reg at debian.org> Tue, 25 May 2010 01:20:42 +0200
+ -- Gregory Colpart <reg at debian.org> Sun, 31 Oct 2010 00:59:05 +0200
horde3 (3.2.2+debian0-2+lenny2) stable-security; urgency=high
diff --git a/services/prefs.php b/services/prefs.php
index e04dc34..b87dcd4 100644
--- a/services/prefs.php
+++ b/services/prefs.php
@@ -83,63 +83,68 @@ if ($group == 'identities') {
}
}
- switch (Util::getFormData('actionID')) {
- case 'update_prefs':
- $from_addresses = $identity->getAll('from_addr');
- $current_from = $identity->getValue('from_addr');
- if ($prefs->isLocked('default_identity')) {
- $default = $identity->getDefault();
- } else {
- $default = Util::getPost('default_identity');
- $id = Util::getPost('identity');
- if ($id == -1) {
- $id = $identity->add();
- } elseif ($id == -2) {
- $prefGroups['identities']['members'] = array('default_identity');
+ $result = Horde::checkRequestToken('horde.prefs', Util::getFormData('horde_prefs_token'));
+ if (is_a($result, 'PEAR_Error')) {
+ $notification->push($result, 'horde.error');
+ } else {
+ switch (Util::getFormData('actionID')) {
+ case 'update_prefs':
+ $from_addresses = $identity->getAll('from_addr');
+ $current_from = $identity->getValue('from_addr');
+ if ($prefs->isLocked('default_identity')) {
+ $default = $identity->getDefault();
+ } else {
+ $default = Util::getPost('default_identity');
+ $id = Util::getPost('identity');
+ if ($id == -1) {
+ $id = $identity->add();
+ } elseif ($id == -2) {
+ $prefGroups['identities']['members'] = array('default_identity');
+ }
+ $identity->setDefault($id);
}
- $identity->setDefault($id);
- }
- if (!Prefs_UI::handleForm($group, $identity)) {
- break;
- }
+ if (!Prefs_UI::handleForm($group, $identity)) {
+ break;
+ }
+
+ $new_from = $identity->getValue('from_addr');
+ if (!empty($conf['user']['verify_from_addr']) &&
+ $current_from != $new_from &&
+ !in_array($new_from, $from_addresses)) {
+ $result = $identity->verifyIdentity($id, empty($current_from) ? $new_from : $current_from);
+ if (is_a($result, 'PEAR_Error')) {
+ $notification->push(_("The new from address can't be verified, try again later: ") . $result->getMessage(), 'horde.error');
+ Horde::logMessage($result, __FILE__, __LINE__, PEAR_LOG_ERR);
+ } elseif (is_a($result, 'Notification_Event')) {
+ $notification->push($result, 'horde.message');
+ }
+ break;
+ }
- $new_from = $identity->getValue('from_addr');
- if (!empty($conf['user']['verify_from_addr']) &&
- $current_from != $new_from &&
- !in_array($new_from, $from_addresses)) {
- $result = $identity->verifyIdentity($id, empty($current_from) ? $new_from : $current_from);
- if (is_a($result, 'PEAR_Error')) {
- $notification->push(_("The new from address can't be verified, try again later: ") . $result->getMessage(), 'horde.error');
- Horde::logMessage($result, __FILE__, __LINE__, PEAR_LOG_ERR);
- } elseif (is_a($result, 'Notification_Event')) {
- $notification->push($result, 'horde.message');
+ $identity->setDefault($default);
+ $identity->save();
+ unset($prefGroups);
+ $result = Horde::loadConfiguration('prefs.php', array('prefGroups', '_prefs'), $app);
+ if (!is_a($result, 'PEAR_Error')) {
+ extract($result);
}
break;
- }
- $identity->setDefault($default);
- $identity->save();
- unset($prefGroups);
- $result = Horde::loadConfiguration('prefs.php', array('prefGroups', '_prefs'), $app);
- if (!is_a($result, 'PEAR_Error')) {
- extract($result);
+ case 'delete_identity':
+ $id = (int)Util::getFormData('id');
+ $deleted_identity = $identity->delete($id);
+ unset($_prefs['default_identity']['enum'][$id]);
+ $notification->push(sprintf(_("The identity \"%s\" has been deleted."), $deleted_identity[0]['id']), 'horde.success');
+ break;
+
+ case 'change_default_identity':
+ $default_identity = $identity->setDefault(Util::getFormData('id'));
+ $identity->save();
+ $notification->push(_("Your default identity has been changed."),
+ 'horde.success');
+ break;
}
- break;
-
- case 'delete_identity':
- $id = (int)Util::getFormData('id');
- $deleted_identity = $identity->delete($id);
- unset($_prefs['default_identity']['enum'][$id]);
- $notification->push(sprintf(_("The identity \"%s\" has been deleted."), $deleted_identity[0]['id']), 'horde.success');
- break;
-
- case 'change_default_identity':
- $default_identity = $identity->setDefault(Util::getFormData('id'));
- $identity->save();
- $notification->push(_("Your default identity has been changed."),
- 'horde.success');
- break;
}
} elseif (Prefs_UI::handleForm($group, $prefs)) {
$result = Horde::loadConfiguration('prefs.php', array('prefGroups', '_prefs'), $app);
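Review bot: The token slug checked on the new line `$result = Horde::checkRequestToken('horde.prefs', Util::getFormData('horde_prefs_token'));` does not match the slug the form emits in the templates/prefs/begin.inc hunk, which calls `Horde::getRequestToken('horde_prefs')`. If the token is derived from its slug, as the two API names suggest but this page does not show, every submission in the identities group will fail the check and be pushed as 'horde.error', so the CSRF fix would also disable the feature it protects. The same template line opens with the short tag `<?`, which emits the PHP source text as the field value wherever short_open_tag is off. I would change the template line to `<input type="hidden" name="horde_prefs_token" value="<?php echo Horde::getRequestToken('horde.prefs') ?>" />` so both sides use one slug and a full open tag. The `if ($group == 'identities')` block this hunk sits in starts before the hunk and continues past it.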
diff --git a/services/prefs/index.php b/services/prefs/index.php
index 3fcf3e2..3e6feb4 100644
--- a/services/prefs/index.php
+++ b/services/prefs/index.php
@@ -10,19 +10,26 @@
* @author Chuck Hagenbuch <chuck at horde.org>
*/
+/* SECURITY: This script is subject to CSRF attacks. It has been removed
+ * in Horde 4. However, for BC, it needs to remain for certain applications &
+ * preferences. The following is the list of allowed prefs to be set using
+ * this script. */
+$wl_prefs = array(
+ 'dimp' => array(
+ 'show_preview'
+ )
+);
+
+
@define('HORDE_BASE', dirname(dirname(dirname(__FILE__))));
require_once HORDE_BASE . '/lib/core.php';
$registry = &Registry::singleton();
-/* Which application. */
+/* Which application/preference? */
$app = Util::getFormData('app');
-if (!$app) {
- echo '<ul id="app">';
- foreach ($registry->listApps() as $app) {
- echo '<li>' . htmlspecialchars($app) . '</li>';
- }
- echo '</ul>';
+$pref = Util::getFormData('pref');
+if (!isset($wl_prefs[$app][$pref])) {
exit;
}
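Review bot: The whitelist lookup `if (!isset($wl_prefs[$app][$pref])) {` on the new line can never succeed, because `$wl_prefs['dimp']` is declared above as a list (`array('show_preview')`), so the allowed name is a value under key 0 rather than a key; with `pref=show_preview` the isset is false and the script exits for the one case it is meant to allow. The check fails closed, so this is a functional regression rather than a bypass, but the intent is both clearer and correct as `if (!isset($wl_prefs[$app]) || !in_array($pref, $wl_prefs[$app], true)) {`. Keeping the `isset($wl_prefs[$app])` half is the important part, since `$app` is later passed to `$registry->get('fileroot', $app)` and spliced into the `require_once` shown in the next hunk. The comment block above the array would also benefit from one sentence saying that it is keyed by application name and holds preference names as values.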
@@ -32,30 +39,6 @@ $authentication = 'none';
$appbase = $registry->get('fileroot', $app);
require_once $appbase . '/lib/base.php';
-/* Which preference. */
-$pref = Util::getFormData('pref');
-if (!$pref) {
- /* Load prefs config file. */
- $result = Horde::loadConfiguration('prefs.php', array('_prefs'), $app);
- if (is_a($result, 'PEAR_Error')) {
- exit;
- }
- extract($result);
-
- echo '<ul id="pref">';
- foreach ($_prefs as $pref => $params) {
- switch ($params['type']) {
- case 'special':
- case 'link':
- break;
-
- default:
- echo '<li preftype="' . htmlspecialchars($params['type']) . '">' . htmlspecialchars($pref) . '</li>';
- }
- }
- echo '</ul>';
-}
-
/* Which action. */
if (Util::getPost('pref') == $pref) {
/* POST for saving a pref. */
diff --git a/templates/portal/layout.inc b/templates/portal/layout.inc
index fc9884c..a6cb299 100644
--- a/templates/portal/layout.inc
+++ b/templates/portal/layout.inc
@@ -72,7 +72,7 @@
</tr>
<tr>
<td colspan="2">
- <?php echo $blocks->getBlocksWidget($blockInfo['app'], $blockInfo['block'], true) ?>
+ <?php echo $blocks->getBlocksWidget($blockInfo['app'], $blockInfo['block'], ($layout->isRemovable($row, $col) ? true : false), ($layout->isRemovable($row, $col) ? false : true)) ?>
</td>
</tr>
<?php
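Review bot: The new call evaluates `$layout->isRemovable($row, $col)` twice and wraps each result in a redundant ternary (`? true : false`, `? false : true`) only to pass a value and its negation. Computing it once reads better and makes the relationship between the third and fourth arguments explicit: `<?php $removable = (bool)$layout->isRemovable($row, $col); echo $blocks->getBlocksWidget($blockInfo['app'], $blockInfo['block'], $removable, !$removable) ?>`. What the fourth argument of getBlocksWidget controls is not visible on this page, so a short comment above the line naming it would help the next reader of this template.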
diff --git a/templates/prefs/begin.inc b/templates/prefs/begin.inc
index 05f82b7..b084651 100644
--- a/templates/prefs/begin.inc
+++ b/templates/prefs/begin.inc
@@ -1,5 +1,6 @@
<form method="post" id="prefs" name="prefs" action="<?php echo Horde::selfUrl() ?>">
<?php Util::pformInput() ?>
+<input type="hidden" name="horde_prefs_token" value="<? echo Horde::getRequestToken('horde_prefs') ?>" />
<input type="hidden" name="actionID" value="update_prefs" />
<input type="hidden" name="group" value="<?php echo htmlspecialchars($group) ?>" />
<input type="hidden" id="prefs_app" name="app" value="<?php echo htmlspecialchars($app) ?>" />
diff --git a/util/icon_browser.php b/util/icon_browser.php
index 650d89f..a82e52e 100644
--- a/util/icon_browser.php
+++ b/util/icon_browser.php
@@ -33,7 +33,7 @@ if (($app = basename(Util::getFormData('app'))) && isset($apps[$app])) {
exit(sprintf(_("Base graphics directory \"%s\" not found."), $dir));
}
- if (($subdir = basename(Util::getFormData('subdir')))) {
+ if (($subdir = basename(htmlspecialchars(Util::getFormData('subdir'))))) {
$dir .= DIRECTORY_SEPARATOR . $subdir;
if (!is_dir($dir)) {
exit(sprintf(_("Subdirectory \"%s\" not found."), $dir));
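Review bot: The new line encodes the request value before it is used as a path component, `basename(htmlspecialchars(Util::getFormData('subdir')))`, so `$subdir` is now an HTML-escaped string that is appended to `$dir` and tested with `is_dir()`; a directory whose name contains `&`, `<`, `>` or `"` will no longer be found, and any later use of `$dir` outside an HTML context receives entity-encoded text. The point where the value reaches the browser is the `exit(sprintf(_("Subdirectory \"%s\" not found."), $dir))` on the last line of the hunk, which still prints `$dir` raw, so the escaping belongs there: keep `$subdir = basename(Util::getFormData('subdir'))` and change the sink to `exit(sprintf(_("Subdirectory \"%s\" not found."), htmlspecialchars($dir)))`. The `if (($app = basename(...)) && isset($apps[$app]))` block this hunk is inside starts before the hunk and ends after it, so other places further down that print `$dir` should get the same output-side escaping.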
--