[Pkg-mediawiki-commits] r233 - in mediawiki/lenny/debian: . patches
Jonathan Wiltshire
jmw at alioth.debian.org
Fri Dec 17 23:36:17 UTC 2010
Author: jmw
Date: 2010-12-17 23:36:17 +0000 (Fri, 17 Dec 2010)
New Revision: 233
Added:
mediawiki/lenny/debian/patches/1.15.5-profileinfo-security.patch
Modified:
mediawiki/lenny/debian/changelog
mediawiki/lenny/debian/patches/series
Log:
Backport fix for XSS vulnerability in profileinfo.php for installations with $wgEnableProfileInfo = true (false by default)
Modified: mediawiki/lenny/debian/changelog
===================================================================
--- mediawiki/lenny/debian/changelog 2010-12-17 22:26:22 UTC (rev 232)
+++ mediawiki/lenny/debian/changelog 2010-12-17 23:36:17 UTC (rev 233)
@@ -6,8 +6,10 @@
[[Special:Userlogin]]. CVE-2010-1648
* Fixed XSS vulnerability affecting IE clients only, due to a CSS
validation issue. CVE-2010-1647 (Closes: #585918)
+ * Fixed an XSS vulnerability in profileinfo.php for installations
+ with $wgEnableProfileInfo = true (false by default) (Closes: #590669)
- -- Jonathan Wiltshire <jmw at debian.org> Fri, 17 Dec 2010 21:54:08 +0000
+ -- Jonathan Wiltshire <jmw at debian.org> Fri, 17 Dec 2010 23:32:46 +0000
mediawiki (1:1.12.0-2lenny5) stable-security; urgency=high
Added: mediawiki/lenny/debian/patches/1.15.5-profileinfo-security.patch
===================================================================
--- mediawiki/lenny/debian/patches/1.15.5-profileinfo-security.patch (rev 0)
+++ mediawiki/lenny/debian/patches/1.15.5-profileinfo-security.patch 2010-12-17 23:36:17 UTC (rev 233)
@@ -0,0 +1,76 @@
+Descripto: Fixed an XSS vulnerability in profileinfo.php for installations
+ with $wgEnableProfileInfo = true (false by default)
+Origin: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/66989
+Author: Tim Starling
+Last-Update: 2010-12-17
+
+--- mediawiki-1.12.0.orig/profileinfo.php
++++ mediawiki-1.12.0/profileinfo.php
+@@ -52,7 +52,8 @@
+ require_once( './includes/GlobalFunctions.php' );
+
+ if (!$wgEnableProfileInfo) {
+- echo "disabled\n";
++ echo "<p>Disabled</p>\n";
++ echo "</body></html>";
+ exit( 1 );
+ }
+
+@@ -95,7 +96,7 @@
+ else $ex = false;
+ if (!$ex) {
+ if (count($this->children)) {
+- $url = makeurl(false, false, $expand + array($this->name() => true));
++ $url = getEscapedProfileUrl(false, false, $expand + array($this->name() => true));
+ $extet = " <a href=\"$url\">[+]</a>";
+ } else $extet = '';
+ } else {
+@@ -104,7 +105,7 @@
+ if ($name != $this->name())
+ $e += array($name => $ep);
+
+- $extet = " <a href=\"" . makeurl(false, false, $e) . "\">[–]</a>";
++ $extet = " <a href=\"" . getEscapedProfileUrl(false, false, $e) . "\">[–]</a>";
+ }
+ ?>
+ <tr>
+@@ -181,26 +182,30 @@
+
+ <table cellspacing="0">
+ <tr id="top">
+-<th><a href="<?php echo makeurl(false, "time") ?>">Time</a></th>
++<th><a href="<?php echo getEscapedProfileUrl(false, "time") ?>">Time</a></th>
+ <th>Time (%)</th>
+-<th><a href="<?php echo makeurl(false, "count") ?>">Count</a></th>
++<th><a href="<?php echo getEscapedProfileUrl(false, "count") ?>">Count</a></th>
+ <th>Avg calls per request</th>
+-<th><a href="<?php echo makeurl(false, "name") ?>">Name</a></th>
++<th><a href="<?php echo getEscapedProfileUrl(false, "name") ?>">Name</a></th>
+ </tr>
+ <?php
+ $totaltime = 0.0;
+ $totalcount = 0;
+
+-function makeurl($_filter = false, $_sort = false, $_expand = false) {
++function getEscapedProfileUrl( $_filter = false, $_sort = false, $_expand = false ) {
+ global $filter, $sort, $expand;
+
+- if ($_expand === false)
++ if ( $_expand === false )
+ $_expand = $expand;
+
+- $nfilter = $_filter ? $_filter : $filter;
+- $nsort = $_sort ? $_sort : $sort;
+- $exp = urlencode(implode(',', array_keys($_expand)));
+- return "?filter=$nfilter&sort=$nsort&expand=$exp";
++ return htmlspecialchars(
++ '?' .
++ wfArrayToCGI( array(
++ 'filter' => $_filter ? $_filter : $filter,
++ 'sort' => $_sort ? $_sort : $sort,
++ 'expand' => implode( ',', array_keys( $_expand ) )
++ ) )
++ );
+ }
+
+ $points = array();
Modified: mediawiki/lenny/debian/patches/series
===================================================================
--- mediawiki/lenny/debian/patches/series 2010-12-17 22:26:22 UTC (rev 232)
+++ mediawiki/lenny/debian/patches/series 2010-12-17 23:36:17 UTC (rev 233)
@@ -10,3 +10,4 @@
1.15.3-security.patch
1.15.4-userlogin-security.patch
1.15.4-css-security.patch
+1.15.5-profileinfo-security.patch
More information about the Pkg-mediawiki-commits
mailing list