[pkg-horde] [SCM] Debian Horde Packages repository: horde3 package branch, debian-sid, updated. debian/3.3.6+debian0-2-8-g2592fcf
Gregory Colpart
reg at debian.org
Sat Oct 30 23:34:52 UTC 2010
The following commit has been merged in the debian-sid branch:
commit 2592fcf5880ed15de37080aa1e5540b3c898d20e
Author: Gregory Colpart <reg at debian.org>
Date: Sun Oct 31 00:57:15 2010 +0200
Backport security patches from the 3.3.9 release
diff --git a/debian/changelog b/debian/changelog
index ac7d731..8c3e3c3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+horde3 (3.3.8+debian0-2) unstable; urgency=medium
+
+ * Fix CVE-2010-3077 and CVE-2010-3694 (Closes: #598582)
+
+ -- Gregory Colpart <reg at debian.org> Sun, 31 Oct 2010 00:30:42 +0200
+
horde3 (3.3.8+debian0-1) unstable; urgency=low
[ Mathieu Parent ]
diff --git a/services/prefs.php b/services/prefs.php
index d7e21ce..f85d562 100644
--- a/services/prefs.php
+++ b/services/prefs.php
@@ -83,63 +83,68 @@ if ($group == 'identities') {
}
}
- switch (Util::getFormData('actionID')) {
- case 'update_prefs':
- $from_addresses = $identity->getAll('from_addr');
- $current_from = $identity->getValue('from_addr');
- if ($prefs->isLocked('default_identity')) {
- $default = $identity->getDefault();
- } else {
- $default = Util::getPost('default_identity');
- $id = Util::getPost('identity');
- if ($id == -1) {
- $id = $identity->add();
- } elseif ($id == -2) {
- $prefGroups['identities']['members'] = array('default_identity');
+ $result = Horde::checkRequestToken('horde.prefs', Util::getFormData('horde_prefs_token'));
+ if (is_a($result, 'PEAR_Error')) {
+ $notification->push($result, 'horde.error');
+ } else {
+ switch (Util::getFormData('actionID')) {
+ case 'update_prefs':
+ $from_addresses = $identity->getAll('from_addr');
+ $current_from = $identity->getValue('from_addr');
+ if ($prefs->isLocked('default_identity')) {
+ $default = $identity->getDefault();
+ } else {
+ $default = Util::getPost('default_identity');
+ $id = Util::getPost('identity');
+ if ($id == -1) {
+ $id = $identity->add();
+ } elseif ($id == -2) {
+ $prefGroups['identities']['members'] = array('default_identity');
+ }
+ $identity->setDefault($id);
}
- $identity->setDefault($id);
- }
- if (!Prefs_UI::handleForm($group, $identity)) {
- break;
- }
+ if (!Prefs_UI::handleForm($group, $identity)) {
+ break;
+ }
+
+ $new_from = $identity->getValue('from_addr');
+ if (!empty($conf['user']['verify_from_addr']) &&
+ $current_from != $new_from &&
+ !in_array($new_from, $from_addresses)) {
+ $result = $identity->verifyIdentity($id, empty($current_from) ? $new_from : $current_from);
+ if (is_a($result, 'PEAR_Error')) {
+ $notification->push(_("The new from address can't be verified, try again later: ") . $result->getMessage(), 'horde.error');
+ Horde::logMessage($result, __FILE__, __LINE__, PEAR_LOG_ERR);
+ } elseif (is_a($result, 'Notification_Event')) {
+ $notification->push($result, 'horde.message');
+ }
+ break;
+ }
- $new_from = $identity->getValue('from_addr');
- if (!empty($conf['user']['verify_from_addr']) &&
- $current_from != $new_from &&
- !in_array($new_from, $from_addresses)) {
- $result = $identity->verifyIdentity($id, empty($current_from) ? $new_from : $current_from);
- if (is_a($result, 'PEAR_Error')) {
- $notification->push(_("The new from address can't be verified, try again later: ") . $result->getMessage(), 'horde.error');
- Horde::logMessage($result, __FILE__, __LINE__, PEAR_LOG_ERR);
- } elseif (is_a($result, 'Notification_Event')) {
- $notification->push($result, 'horde.message');
+ $identity->setDefault($default);
+ $identity->save();
+ unset($prefGroups);
+ $result = Horde::loadConfiguration('prefs.php', array('prefGroups', '_prefs'), $app);
+ if (!is_a($result, 'PEAR_Error')) {
+ extract($result);
}
break;
- }
- $identity->setDefault($default);
- $identity->save();
- unset($prefGroups);
- $result = Horde::loadConfiguration('prefs.php', array('prefGroups', '_prefs'), $app);
- if (!is_a($result, 'PEAR_Error')) {
- extract($result);
+ case 'delete_identity':
+ $id = (int)Util::getFormData('id');
+ $deleted_identity = $identity->delete($id);
+ unset($_prefs['default_identity']['enum'][$id]);
+ $notification->push(sprintf(_("The identity \"%s\" has been deleted."), $deleted_identity[0]['id']), 'horde.success');
+ break;
+
+ case 'change_default_identity':
+ $default_identity = $identity->setDefault(Util::getFormData('id'));
+ $identity->save();
+ $notification->push(_("Your default identity has been changed."),
+ 'horde.success');
+ break;
}
- break;
-
- case 'delete_identity':
- $id = (int)Util::getFormData('id');
- $deleted_identity = $identity->delete($id);
- unset($_prefs['default_identity']['enum'][$id]);
- $notification->push(sprintf(_("The identity \"%s\" has been deleted."), $deleted_identity[0]['id']), 'horde.success');
- break;
-
- case 'change_default_identity':
- $default_identity = $identity->setDefault(Util::getFormData('id'));
- $identity->save();
- $notification->push(_("Your default identity has been changed."),
- 'horde.success');
- break;
}
} elseif (Prefs_UI::handleForm($group, $prefs)) {
$result = Horde::loadConfiguration('prefs.php', array('prefGroups', '_prefs'), $app);
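Review bot: The token slot name used by the new check on the `checkRequestToken('horde.prefs', ...)` line does not match the slot the form template generates the token under (`getRequestToken('horde_prefs')` in templates/prefs/begin.inc), so if checkRequestToken keys tokens by that first argument, every preferences save will fail the check and only the error notification is shown. One of the two names has to change; the template side seems the natural place, e.g. `Horde::getRequestToken('horde.prefs')`, leaving this line as is. Note also that `delete_identity` and `change_default_identity` now sit inside the token guard, but nothing in this commit shows the links that trigger those actions carrying a `horde_prefs_token` parameter, so they are presumably rejected as well unless those links were updated elsewhere. The surrounding `if ($group == 'identities')` block begins before this hunk.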
diff --git a/services/prefs/index.php b/services/prefs/index.php
index a812551..e0c47bf 100644
--- a/services/prefs/index.php
+++ b/services/prefs/index.php
@@ -10,19 +10,26 @@
* @author Chuck Hagenbuch <chuck at horde.org>
*/
+/* SECURITY: This script is subject to CSRF attacks. It has been removed
+ * in Horde 4. However, for BC, it needs to remain for certain applications &
+ * preferences. The following is the list of allowed prefs to be set using
+ * this script. */
+$wl_prefs = array(
+ 'dimp' => array(
+ 'show_preview'
+ )
+);
+
+
@define('HORDE_BASE', dirname(dirname(dirname(__FILE__))));
require_once HORDE_BASE . '/lib/core.php';
$registry = &Registry::singleton();
-/* Which application. */
+/* Which application/preference? */
$app = Util::getFormData('app');
-if (!$app) {
- echo '<ul id="app">';
- foreach ($registry->listApps() as $app) {
- echo '<li>' . htmlspecialchars($app) . '</li>';
- }
- echo '</ul>';
+$pref = Util::getFormData('pref');
+if (!isset($wl_prefs[$app][$pref])) {
exit;
}
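Review bot: The whitelist lookup `isset($wl_prefs[$app][$pref])` tests `$pref` as an array key, but `$wl_prefs['dimp']` is a plain list (`array('show_preview')`), so the legitimate `pref=show_preview` is rejected while `pref=0` passes because key 0 exists. The script therefore fails closed for the one preference it is meant to allow and lets through a preference name it was not meant to. Compare against the values instead: `if (!isset($wl_prefs[$app]) || !in_array($pref, $wl_prefs[$app], true)) {` followed by the existing `exit;`. Alternatively declare the whitelist as a map (`'show_preview' => true`) and keep the isset() form; either way the two shapes must agree.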
@@ -32,30 +39,6 @@ $authentication = 'none';
$appbase = $registry->get('fileroot', $app);
require_once $appbase . '/lib/base.php';
-/* Which preference. */
-$pref = Util::getFormData('pref');
-if (!$pref) {
- /* Load prefs config file. */
- $result = Horde::loadConfiguration('prefs.php', array('_prefs'), $app);
- if (is_a($result, 'PEAR_Error')) {
- exit;
- }
- extract($result);
-
- echo '<ul id="pref">';
- foreach ($_prefs as $pref => $params) {
- switch ($params['type']) {
- case 'special':
- case 'link':
- break;
-
- default:
- echo '<li preftype="' . htmlspecialchars($params['type']) . '">' . htmlspecialchars($pref) . '</li>';
- }
- }
- echo '</ul>';
-}
-
/* Which action. */
if (Util::getPost('pref') == $pref) {
/* POST for saving a pref. */
diff --git a/templates/portal/layout.inc b/templates/portal/layout.inc
index 9a4a61b..8d6c115 100644
--- a/templates/portal/layout.inc
+++ b/templates/portal/layout.inc
@@ -73,7 +73,7 @@
</tr>
<tr>
<td colspan="2">
- <?php echo $blocks->getBlocksWidget($blockInfo['app'], $blockInfo['block'], true) ?>
+ <?php echo $blocks->getBlocksWidget($blockInfo['app'], $blockInfo['block'], ($layout->isRemovable($row, $col) ? true : false), ($layout->isRemovable($row, $col) ? false : true)) ?>
</td>
</tr>
<?php
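Review bot: The new `getBlocksWidget` call evaluates `$layout->isRemovable($row, $col)` twice and wraps each result in a redundant `? true : false`, which makes the intent (third and fourth arguments are complements of each other) hard to read in a template line. Hoisting it into a local keeps the logic in one place: `<?php $removable = $layout->isRemovable($row, $col); ?>` before the row, then `echo $blocks->getBlocksWidget($blockInfo['app'], $blockInfo['block'], $removable, !$removable)`. If isRemovable() can return a non-boolean, cast once with `(bool)` on the local rather than in both arguments.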
diff --git a/templates/prefs/begin.inc b/templates/prefs/begin.inc
index 05f82b7..b084651 100644
--- a/templates/prefs/begin.inc
+++ b/templates/prefs/begin.inc
@@ -1,5 +1,6 @@
<form method="post" id="prefs" name="prefs" action="<?php echo Horde::selfUrl() ?>">
<?php Util::pformInput() ?>
+<input type="hidden" name="horde_prefs_token" value="<? echo Horde::getRequestToken('horde_prefs') ?>" />
<input type="hidden" name="actionID" value="update_prefs" />
<input type="hidden" name="group" value="<?php echo htmlspecialchars($group) ?>" />
<input type="hidden" id="prefs_app" name="app" value="<?php echo htmlspecialchars($app) ?>" />
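Review bot: The added token field uses the short open tag `<? echo` while every neighbouring line uses `<?php echo`; on a PHP install with short_open_tag disabled the literal `<? echo Horde::getRequestToken(...) ?>` is emitted as the attribute value, so no valid token is ever sent and every preferences save is rejected by the new check in services/prefs.php. That check also looks up the token under `'horde.prefs'`, not `'horde_prefs'`, so the two names need to agree. Suggested line: `<input type="hidden" name="horde_prefs_token" value="<?php echo htmlspecialchars(Horde::getRequestToken('horde.prefs')) ?>" />`; the htmlspecialchars() is cheap insurance if the token encoding is ever changed to something that is not attribute-safe.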
diff --git a/util/icon_browser.php b/util/icon_browser.php
index bbb3858..a9883f9 100644
--- a/util/icon_browser.php
+++ b/util/icon_browser.php
@@ -33,7 +33,7 @@ if (($app = basename(Util::getFormData('app'))) && isset($apps[$app])) {
exit(sprintf(_("Base graphics directory \"%s\" not found."), $dir));
}
- if (($subdir = basename(Util::getFormData('subdir')))) {
+ if (($subdir = basename(htmlspecialchars(Util::getFormData('subdir'))))) {
$dir .= DIRECTORY_SEPARATOR . $subdir;
if (!is_dir($dir)) {
exit(sprintf(_("Subdirectory \"%s\" not found."), $dir));
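Review bot: Escaping the `subdir` parameter with htmlspecialchars() before it is appended to `$dir` mixes output encoding into a filesystem path: a directory whose name contains `&`, `"` or `'` can no longer be reached because the path now holds `&amp;`-style entities, and the `$dir` echoed in the first exit() (built from `$app`) is still unescaped. The usual fix is to escape at the point of output instead, keeping `$subdir = basename(Util::getFormData('subdir'))` and changing the message to `exit(sprintf(_("Subdirectory \"%s\" not found."), htmlspecialchars($dir)));`. Separately, basename() passes `..` through unchanged, so `subdir=..` resolves to the parent of the graphics directory; whether that matters depends on what the listing code after this hunk does with `$dir`, but rejecting `.`/`..` here is cheap. The enclosing `if (($app = basename(...)) && isset($apps[$app]))` block starts and ends outside this hunk.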
--
Debian Horde Packages repository: horde3 package