diff -ru phpgroupware.org.16.006/CVS/Entries phpgroupware.org.16.008/CVS/Entries
--- phpgroupware.org.16.006/CVS/Entries 2005-07-05 02:25:13.000000000 +0200
+++ phpgroupware.org.16.008/CVS/Entries 2005-08-27 07:27:42.000000000 +0200
@@ -6,7 +6,6 @@
/set_box.php/1.2/Tue Oct 23 11:00:50 2001//TVersion-0_9_16-branch
/soap.php/1.6/Tue Dec 11 02:01:37 2001//TVersion-0_9_16-branch
/version.inc.php/1.90.2.1/Wed Jan 23 02:39:12 2002//TVersion-0_9_16-branch
-/xmlrpc.php/1.11.4.7/Tue Nov 18 08:45:25 2003//TVersion-0_9_16-branch
D/doc////
D/addressbook////
D/admin////
@@ -61,3 +60,4 @@
/home.php/1.16.2.1.2.6/Mon Jan 3 05:56:04 2005//TVersion-0_9_16-branch
/login.php/1.76.2.4.2.19/Mon Jan 3 05:56:04 2005//TVersion-0_9_16-branch
/anon_wrapper.php/1.4.2.1.2.1/Fri Jun 3 09:15:04 2005//TVersion-0_9_16-branch
+/xmlrpc.php/1.11.4.8/Wed Aug 24 09:15:08 2005//TVersion-0_9_16-branch
diff -ru phpgroupware.org.16.006/addressbook/inc/CVS/Entries phpgroupware.org.16.008/addressbook/inc/CVS/Entries
--- phpgroupware.org.16.006/addressbook/inc/CVS/Entries 2005-04-05 11:15:16.000000000 +0200
+++ phpgroupware.org.16.008/addressbook/inc/CVS/Entries 2005-08-20 11:15:09.000000000 +0200
@@ -27,15 +27,15 @@
/class.uifields.inc.php/1.3.2.3.2.8/Tue May 4 01:25:45 2004//TVersion-0_9_16-branch
/class.widget_lists.inc.php/1.1.2.6/Tue May 4 01:25:45 2004//TVersion-0_9_16-branch
/hook_deleteaccount.inc.php/1.5.6.3/Sat Jul 17 23:25:05 2004//TVersion-0_9_16-branch
-/class.soaddressbook.inc.php/1.14.2.3.2.24/Sun Sep 5 03:44:39 2004//TVersion-0_9_16-branch
/class.boXport.inc.php/1.7.4.5/Mon Jan 3 05:56:06 2005//TVersion-0_9_16-branch
/class.boaddressbook.inc.php/1.21.2.2.2.29/Mon Jan 3 05:56:06 2005//TVersion-0_9_16-branch
/class.boaddressbook_prefs.inc.php/1.1.2.4/Mon Jan 3 05:56:06 2005//TVersion-0_9_16-branch
/class.ipc_addressbook.inc.php/1.1.2.2/Mon Jan 3 05:56:06 2005//TVersion-0_9_16-branch
-/class.uiaddressbook.inc.php/1.36.2.15.2.59/Mon Jan 3 05:56:07 2005//TVersion-0_9_16-branch
/class.uiaddressbook_prefs.inc.php/1.1.2.5/Mon Jan 3 05:56:07 2005//TVersion-0_9_16-branch
/class.uivcard.inc.php/1.5.2.1.2.5/Mon Jan 3 05:56:07 2005//TVersion-0_9_16-branch
/functions.inc.php/1.101.2.1.2.2/Mon Jan 3 05:56:07 2005//TVersion-0_9_16-branch
/hook_home.inc.php/1.13.2.5.2.5/Mon Jan 3 05:56:07 2005//TVersion-0_9_16-branch
/hook_notifywindow.inc.php/1.5.2.1.2.3/Mon Jan 3 05:56:07 2005//TVersion-0_9_16-branch
/hook_sidebox_menu.inc.php/1.1.2.5/Tue Apr 5 09:15:16 2005//TVersion-0_9_16-branch
+/class.soaddressbook.inc.php/1.14.2.3.2.25/Sat Aug 20 09:15:09 2005//TVersion-0_9_16-branch
+/class.uiaddressbook.inc.php/1.36.2.15.2.60/Sat Aug 20 09:15:09 2005//TVersion-0_9_16-branch
diff -ru phpgroupware.org.16.006/addressbook/inc/class.soaddressbook.inc.php phpgroupware.org.16.008/addressbook/inc/class.soaddressbook.inc.php
--- phpgroupware.org.16.006/addressbook/inc/class.soaddressbook.inc.php 2004-09-05 05:44:39.000000000 +0200
+++ phpgroupware.org.16.008/addressbook/inc/class.soaddressbook.inc.php 2005-08-20 11:15:09.000000000 +0200
@@ -17,7 +17,7 @@
* option) any later version. *
\**************************************************************************/
-/* $Id: class.soaddressbook.inc.php,v 1.14.2.3.2.24 2004/08/21 05:53:12 jarg Exp $ */
+/* $Id: class.soaddressbook.inc.php,v 1.14.2.3.2.25 2005/08/19 19:48:43 jarg Exp $ */
class soaddressbook
{
@@ -599,7 +599,17 @@
//used
function add_person($fields)
- {
+ {
+ if(!is_array($fields['tab_person_data']))
+ {
+ $fields['tab_person_data'] = (array)$fields['tab_person_data'];
+ }
+
+ if(!is_array($fields['tab_extra']))
+ {
+ $fields['tab_extra'] = (array)$fields['tab_extra'];
+ }
+
$principal = array_merge($fields['tab_person_data'], $fields['tab_extra']);
if(!is_array($fields['tab_comms']['comm_data']))
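Review bot: The `(array)` casts in add_person() turn a scalar `tab_person_data` or `tab_extra` into `array(0 => value)`, so a stray string ends up in `$principal` under the numeric key 0 after `array_merge()`. If the goal is only to keep `array_merge()` from receiving a non-array, replacing the value is safer: `$fields['tab_person_data'] = array();` (and the same for `tab_extra`). `is_array($fields['tab_person_data'])` also reads a key that may be absent; testing `!isset(...) || !is_array(...)` avoids the notice. add_person() continues outside the hunk.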
diff -ru phpgroupware.org.16.006/addressbook/inc/class.uiaddressbook.inc.php phpgroupware.org.16.008/addressbook/inc/class.uiaddressbook.inc.php
--- phpgroupware.org.16.006/addressbook/inc/class.uiaddressbook.inc.php 2005-01-03 06:56:07.000000000 +0100
+++ phpgroupware.org.16.008/addressbook/inc/class.uiaddressbook.inc.php 2005-08-20 11:15:09.000000000 +0200
@@ -12,7 +12,7 @@
* option) any later version. *
\**************************************************************************/
- /* $Id: class.uiaddressbook.inc.php,v 1.36.2.15.2.59 2004/12/01 19:15:34 jarg Exp $ */
+ /* $Id: class.uiaddressbook.inc.php,v 1.36.2.15.2.60 2005/08/19 19:48:43 jarg Exp $ */
class uiaddressbook
@@ -35,7 +35,6 @@
var $filter;
var $cat_id;
var $bname;
- var $template;
var $options_data;
var $old_tab;
@@ -2734,6 +2733,8 @@
function view_contact($contact_id='', $contact_type='', $referer='')
{
+ $contacts = array();
+
$contact_id = (empty($contact_id))? get_var('ab_id') : $contact_id;
$contact_type = $contact_type?$contact_type:$this->bo->search_contact_type_id(
$this->bo->get_type_contact($contact_id));
@@ -2812,12 +2813,19 @@
$addr = $this->bo->get_addr_contact_data($contact_id, array('addr_pref_val'=>'Y'));
- unset($addr[0]['contact_id']);
- unset($addr[0]['key_addr_id']);
- unset($addr[0]['addr_type']);
- unset($addr[0]['addr_preferred']);
- unset($addr[0]['addr_description']);
- unset($addr[0]['addr_contact_id']);
+ if(is_array($addr[0]))
+ {
+ unset($addr[0]['contact_id']);
+ unset($addr[0]['key_addr_id']);
+ unset($addr[0]['addr_type']);
+ unset($addr[0]['addr_preferred']);
+ unset($addr[0]['addr_description']);
+ unset($addr[0]['addr_contact_id']);
+ }
+ else
+ {
+ $addr[0] = array();
+ }
$contacts = array_merge($contacts, $addr[0]);
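Review bot: `is_array($addr[0])` still indexes the return value of `get_addr_contact_data()` before checking that element 0 exists, so an empty result raises an undefined-offset notice. `if(isset($addr[0]) && is_array($addr[0]))` covers both the missing and the non-array case. view_contact() starts and ends outside this hunk.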
diff -ru phpgroupware.org.16.006/admin/inc/CVS/Entries phpgroupware.org.16.008/admin/inc/CVS/Entries
--- phpgroupware.org.16.006/admin/inc/CVS/Entries 2005-06-03 11:15:08.000000000 +0200
+++ phpgroupware.org.16.008/admin/inc/CVS/Entries 2005-08-26 11:15:17.000000000 +0200
@@ -33,5 +33,5 @@
/class.uiserver.inc.php/1.3.2.2.2.3/Mon Jan 3 05:56:11 2005//TVersion-0_9_16-branch
/hook_after_navbar.inc.php/1.3.4.1/Mon Jan 3 05:56:12 2005//TVersion-0_9_16-branch
/class.boaccounts.inc.php/1.22.2.7.2.23/Fri Jun 3 09:15:08 2005//TVersion-0_9_16-branch
-/class.uiconfig.inc.php/1.6.2.3.2.6/Fri Jun 3 09:15:08 2005//TVersion-0_9_16-branch
+/class.uiconfig.inc.php/1.6.2.3.2.7/Fri Aug 26 09:15:17 2005//TVersion-0_9_16-branch
D
diff -ru phpgroupware.org.16.006/admin/inc/class.uiconfig.inc.php phpgroupware.org.16.008/admin/inc/class.uiconfig.inc.php
--- phpgroupware.org.16.006/admin/inc/class.uiconfig.inc.php 2005-06-03 11:15:08.000000000 +0200
+++ phpgroupware.org.16.008/admin/inc/class.uiconfig.inc.php 2005-08-26 11:15:17.000000000 +0200
@@ -10,7 +10,7 @@
* option) any later version. *
\**************************************************************************/
- /* $Id: class.uiconfig.inc.php,v 1.6.2.3.2.6 2005/06/02 23:31:02 skwashd Exp $ */
+ /* $Id: class.uiconfig.inc.php,v 1.6.2.3.2.7 2005/08/26 01:33:05 skwashd Exp $ */
class uiconfig
{
@@ -213,7 +213,7 @@
$configs[] = $newvals[$i];
}
$config = implode('_',$configs);
- /* echo $config . '=' . $current_config[$config]; */
+ echo $config . '=' . $current_config[$config] . '
';
if ($current_config[$config] == $setting)
{
$t->set_var($value,' selected');
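Review bot: The `echo $config . '=' . $current_config[$config] ...` line was commented out before and is now live, so every configuration key and its stored value is written into the page while the select options are built. This looks like leftover debugging: the values are printed without `htmlspecialchars()` and may include settings that should not appear in the response. Restore the comment or delete the line, e.g. `/* echo $config . '=' . $current_config[$config]; */`. The enclosing function starts and ends outside the hunk.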
diff -ru phpgroupware.org.16.006/admin/templates/default/CVS/Entries phpgroupware.org.16.008/admin/templates/default/CVS/Entries
--- phpgroupware.org.16.006/admin/templates/default/CVS/Entries 2005-03-03 10:15:11.000000000 +0100
+++ phpgroupware.org.16.008/admin/templates/default/CVS/Entries 2005-08-26 11:15:19.000000000 +0200
@@ -29,9 +29,9 @@
/application_form.tpl/1.7.4.3/Mon Jan 3 05:56:13 2005//TVersion-0_9_16-branch
/applications.tpl/1.5.2.1.2.3/Mon Jan 3 05:56:13 2005//TVersion-0_9_16-branch
/category_form.tpl/1.7.2.1.2.3/Mon Jan 3 05:56:13 2005//TVersion-0_9_16-branch
-/config.tpl/1.8.4.2/Mon Jan 3 05:56:13 2005//TVersion-0_9_16-branch
/currentusers.tpl/1.6.4.2/Mon Jan 3 05:56:14 2005//TVersion-0_9_16-branch
/delete_cat.tpl/1.3.6.2/Mon Jan 3 05:56:14 2005//TVersion-0_9_16-branch
/kill_session.tpl/1.1.4.2/Mon Jan 3 05:56:14 2005//TVersion-0_9_16-branch
/nntp.tpl/1.2.6.1/Mon Jan 3 05:56:14 2005//TVersion-0_9_16-branch
/account_form_ldap.tpl/1.15.4.5/Thu Mar 3 09:15:11 2005//TVersion-0_9_16-branch
+/config.tpl/1.8.4.3/Fri Aug 26 09:15:19 2005//TVersion-0_9_16-branch
diff -ru phpgroupware.org.16.006/admin/templates/default/config.tpl phpgroupware.org.16.008/admin/templates/default/config.tpl
--- phpgroupware.org.16.006/admin/templates/default/config.tpl 2005-01-03 06:56:13.000000000 +0100
+++ phpgroupware.org.16.008/admin/templates/default/config.tpl 2005-08-26 11:15:19.000000000 +0200
@@ -205,7 +205,7 @@
|
diff -ru phpgroupware.org.16.006/developer_tools/inc/CVS/Entries phpgroupware.org.16.008/developer_tools/inc/CVS/Entries
--- phpgroupware.org.16.006/developer_tools/inc/CVS/Entries 2005-04-21 11:15:05.000000000 +0200
+++ phpgroupware.org.16.008/developer_tools/inc/CVS/Entries 2005-08-13 11:15:23.000000000 +0200
@@ -1,4 +1,4 @@
/class.bolangfile.inc.php/1.8.2.2.2.7/Sun Aug 10 15:01:51 2003//TVersion-0_9_16-branch
-/class.solangfile.inc.php/1.9.2.4.2.12/Sun Aug 10 21:43:33 2003//TVersion-0_9_16-branch
/class.uilangfile.inc.php/1.10.2.1.2.10/Thu Apr 21 09:15:05 2005//TVersion-0_9_16-branch
+/class.solangfile.inc.php/1.9.2.4.2.13/Sat Aug 13 09:15:23 2005//TVersion-0_9_16-branch
D
diff -ru phpgroupware.org.16.006/developer_tools/inc/class.solangfile.inc.php phpgroupware.org.16.008/developer_tools/inc/class.solangfile.inc.php
--- phpgroupware.org.16.006/developer_tools/inc/class.solangfile.inc.php 2003-08-10 23:43:33.000000000 +0200
+++ phpgroupware.org.16.008/developer_tools/inc/class.solangfile.inc.php 2005-08-13 11:15:23.000000000 +0200
@@ -9,7 +9,7 @@
* option) any later version. *
\**************************************************************************/
- /* $Id: class.solangfile.inc.php,v 1.9.2.4.2.12 2003/08/10 21:43:33 ralfbecker Exp $ */
+ /* $Id: class.solangfile.inc.php,v 1.9.2.4.2.13 2005/08/12 13:50:23 skwashd Exp $ */
class solangfile
{
@@ -160,7 +160,7 @@
{
if (@is_dir($fd.$fn.SEP))
{
- if (($fn!='.')&&($fn!='..')&&($fn!='CVS'))
+ if ( ($fn!='.')&&($fn!='..') && ($fn!='CVS') && ($fn!='.svn') )
{
$this->parse_php_app($app,$fd.$fn.SEP);
}
Only in phpgroupware.org.16.008/fudforum: CAN-2005-2600-fix.diff
diff -ru phpgroupware.org.16.006/fudforum/CVS/Entries phpgroupware.org.16.008/fudforum/CVS/Entries
--- phpgroupware.org.16.006/fudforum/CVS/Entries 2004-03-02 23:58:53.000000000 +0100
+++ phpgroupware.org.16.008/fudforum/CVS/Entries 2005-08-24 16:28:40.000000000 +0200
@@ -3,3 +3,4 @@
D/setup////
D/templates////
/index.php/1.1.1.1.2.1/Tue Mar 2 22:58:53 2004//TVersion-0_9_16-branch
+/CAN-2005-2600-fix.diff/1.1.2.1/Wed Aug 24 13:45:40 2005//TVersion-0_9_16-branch
diff -ru phpgroupware.org.16.006/fudforum/setup/base/src/CVS/Entries phpgroupware.org.16.008/fudforum/setup/base/src/CVS/Entries
--- phpgroupware.org.16.006/fudforum/setup/base/src/CVS/Entries 2004-09-05 05:45:44.000000000 +0200
+++ phpgroupware.org.16.008/fudforum/setup/base/src/CVS/Entries 2005-08-24 16:28:40.000000000 +0200
@@ -99,7 +99,6 @@
/thread_view_common.inc.t/1.1.1.1/Sat Nov 1 22:57:25 2003//TVersion-0_9_16-branch
/threadt.php.t/1.1.1.1/Sat Nov 1 22:57:26 2003//TVersion-0_9_16-branch
/tmp_view.php.t/1.1.1.1/Sat Nov 1 22:57:19 2003//TVersion-0_9_16-branch
-/tree.php.t/1.1.1.1/Sat Nov 1 22:57:17 2003//TVersion-0_9_16-branch
/tz.inc.t/1.1.1.1/Sat Nov 1 22:57:20 2003//TVersion-0_9_16-branch
/ulink.inc.t/1.1.1.1/Sat Nov 1 22:57:20 2003//TVersion-0_9_16-branch
/users.inc.t/1.1.1.1/Sat Nov 1 22:57:21 2003//TVersion-0_9_16-branch
@@ -107,4 +106,5 @@
/usrinfo.php.t/1.1.1.1/Sat Nov 1 22:57:22 2003//TVersion-0_9_16-branch
/wordwrap.inc.t/1.1.1.1/Sat Nov 1 22:57:16 2003//TVersion-0_9_16-branch
/usercp.inc.t/1.1.1.1.2.1/Sun Sep 5 03:45:44 2004//TVersion-0_9_16-branch
+/tree.php.t/1.1.1.1.2.1/Wed Aug 24 14:28:40 2005//TVersion-0_9_16-branch
D
diff -ru phpgroupware.org.16.006/fudforum/setup/base/src/tree.php.t phpgroupware.org.16.008/fudforum/setup/base/src/tree.php.t
--- phpgroupware.org.16.006/fudforum/setup/base/src/tree.php.t 2003-11-01 23:57:17.000000000 +0100
+++ phpgroupware.org.16.008/fudforum/setup/base/src/tree.php.t 2005-08-24 16:28:40.000000000 +0200
@@ -2,7 +2,7 @@
/***************************************************************************
* copyright : (C) 2001-2003 Advanced Internet Designs Inc.
* email : forum@prohost.org
-* $Id: tree.php.t,v 1.1.1.1 2003/11/01 22:57:17 skwashd Exp $
+* $Id: tree.php.t,v 1.1.1.1.2.1 2005/08/24 13:25:37 skwashd Exp $
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -131,7 +131,7 @@
LEFT JOIN {SQL_TABLE_PREFIX}poll p ON m.poll_id=p.id
LEFT JOIN {SQL_TABLE_PREFIX}poll_opt_track pot ON pot.poll_id=p.id AND pot.user_id='._uid.'
WHERE
- m.id='.$mid.' AND m.apr=1');
+ m.id='.$mid.' AND m.apr=1 AND m.thread_id='.$th);
if (!isset($_GET['prevloaded'])) {
th_inc_view_count($th);
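Review bot: Both `$mid` and `$th` are concatenated into the SQL text, and the hunk does not show where they are assigned, although the added `AND m.thread_id='.$th` condition does tie the message to the requested thread. If they come from request parameters, confirm they are cast to integers before this query, or cast at the point of use: `m.id='.(int)$mid.' AND m.apr=1 AND m.thread_id='.(int)$th);`. The query and its surrounding code begin outside the hunk.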
@@ -262,4 +262,4 @@
/*{POST_PAGE_PHP_CODE}*/
?>
-{TEMPLATE: TREE_PAGE}
\ No newline at end of file
+{TEMPLATE: TREE_PAGE}
diff -ru phpgroupware.org.16.006/phpgwapi/doc/CHANGELOG phpgroupware.org.16.008/phpgwapi/doc/CHANGELOG
--- phpgroupware.org.16.006/phpgwapi/doc/CHANGELOG 2005-01-03 06:57:41.000000000 +0100
+++ phpgroupware.org.16.008/phpgwapi/doc/CHANGELOG 2005-08-26 11:17:45.000000000 +0200
@@ -1,3 +1,22 @@
+[0.9.16.008]
+ Bug fix release
+ - Fix problem with anti XSS code and arrays
+[0.9.16.007]
+ Security Fix Release
+ - Global XSS changes, related to savannah bug #13863
+ - FUDForum Information Disclosure - CAN-2005-2600
+ - Disabled XMLRPC until more resources are available - CAN-2005-2498
+[0.9.16.006]
+ Security Fix Release
+ - XMLRPC arbitary code execution - SA-15852
+ - General bug fixes
+[0.9.16.005]
+ Bug Fix Release
+ - Fixes "build" bugs in 0.9.16.004
+[0.9.16.004]
+ Security Fix Release
+ - XSS Vulnerabilities in projects, tts and wiki
+ - General bug fixes
[0.9.16.003]
Security Fix release
- XSS Exploit in wiki - Secunia ID SA12466
diff -ru phpgroupware.org.16.006/phpgwapi/doc/CVS/Entries phpgroupware.org.16.008/phpgwapi/doc/CVS/Entries
--- phpgroupware.org.16.006/phpgwapi/doc/CVS/Entries 2005-07-05 02:25:14.000000000 +0200
+++ phpgroupware.org.16.008/phpgwapi/doc/CVS/Entries 2005-08-27 07:27:52.000000000 +0200
@@ -20,7 +20,7 @@
/index.pdf/1.1.10.1/Sun Sep 5 03:46:54 2004//TVersion-0_9_16-branch
/index.txt/1.2.10.1/Sun Sep 5 03:46:54 2004//TVersion-0_9_16-branch
D/styles////
-/CHANGELOG/1.35.2.3.2.6/Mon Jan 3 05:57:41 2005//TVersion-0_9_16-branch
/cvs.html/1.2.6.2/Mon Jan 3 05:57:41 2005//TVersion-0_9_16-branch
/etiquette.txt/1.3.2.1.2.2/Mon Jan 3 05:57:41 2005//TVersion-0_9_16-branch
/index.lyx/1.2.8.1/Mon Jan 3 05:57:41 2005//TVersion-0_9_16-branch
+/CHANGELOG/1.35.2.3.2.10/Fri Aug 26 09:17:45 2005//TVersion-0_9_16-branch
diff -ru phpgroupware.org.16.006/phpgwapi/inc/CVS/Entries phpgroupware.org.16.008/phpgwapi/inc/CVS/Entries
--- phpgroupware.org.16.006/phpgwapi/inc/CVS/Entries 2005-07-05 02:25:14.000000000 +0200
+++ phpgroupware.org.16.008/phpgwapi/inc/CVS/Entries 2005-08-27 07:27:52.000000000 +0200
@@ -42,7 +42,6 @@
/class.vfs_sql.inc.php/1.15.2.6.2.13/Fri Feb 20 02:22:23 2004//TVersion-0_9_16-branch
/class.wsdl.inc.php/1.3.4.3/Fri Feb 20 02:22:23 2004//TVersion-0_9_16-branch
/class.xml.inc.php/1.1.6.2/Fri Feb 20 02:22:24 2004//TVersion-0_9_16-branch
-/class.xmlrpc_client.inc.php/1.6.4.2/Fri Feb 20 02:22:24 2004//TVersion-0_9_16-branch
/class.xmlrpcresp.inc.php/1.5.4.2/Fri Feb 20 02:22:24 2004//TVersion-0_9_16-branch
/log_functions.inc.php/1.1.2.3/Fri Feb 20 02:22:24 2004//TVersion-0_9_16-branch
/php3_support_functions.inc.php/1.11.2.2.2.3/Fri Feb 20 02:22:24 2004//TVersion-0_9_16-branch
@@ -131,14 +130,16 @@
/class.vfs_shared.inc.php/1.2.2.6/Mon Jan 3 05:57:44 2005//TVersion-0_9_16-branch
/class.xmlrpcval.inc.php/1.6.4.3/Mon Jan 3 05:57:44 2005//TVersion-0_9_16-branch
/footer.inc.php/1.17.2.2.2.8/Mon Jan 3 05:57:44 2005//TVersion-0_9_16-branch
-/functions.inc.php/1.121.2.13.2.22/Mon Jan 3 05:57:44 2005//TVersion-0_9_16-branch
/xmlrpc.interop.php/1.3.2.1.2.3/Mon Jan 3 05:57:44 2005//TVersion-0_9_16-branch
-/class.config.inc.php/1.7.2.1.2.4/Thu Jan 6 09:16:18 2005//TVersion-0_9_16-branch
-/class.accounts_ldap.inc.php/1.101.2.13.2.34/Tue Jan 25 09:16:26 2005//TVersion-0_9_16-branch
/common_functions.inc.php/1.16.2.13/Tue Apr 26 09:16:00 2005//TVersion-0_9_16-branch
/class.sessions.inc.php/1.104.4.24/Tue May 31 09:15:35 2005//TVersion-0_9_16-branch
/class.Template.inc.php/1.12.4.5/Thu Jun 9 09:17:00 2005//TVersion-0_9_16-branch
-/class.xmlrpc_server.inc.php/1.22.4.6/Tue Jul 5 00:22:46 2005//TVersion-0_9_16-branch
/class.xmlrpcmsg.inc.php/1.11.4.3/Tue Jul 5 00:22:46 2005//TVersion-0_9_16-branch
/xml_functions.inc.php/1.22.2.1.2.5/Tue Jul 5 00:22:46 2005//TVersion-0_9_16-branch
+/class.accounts_ldap.inc.php/1.101.2.13.2.35/Fri Aug 5 09:15:29 2005//TVersion-0_9_16-branch
+/class.config.inc.php/1.7.2.1.2.6/Wed Aug 10 09:17:12 2005//TVersion-0_9_16-branch
+/class.data_cleaner.inc.php/1.1.2.1/Wed Aug 24 13:46:44 2005//TVersion-0_9_16-branch
+/class.xmlrpc_client.inc.php/1.6.4.3/Wed Aug 24 14:29:17 2005//TVersion-0_9_16-branch
+/class.xmlrpc_server.inc.php/1.22.4.7/Wed Aug 24 14:29:17 2005//TVersion-0_9_16-branch
+/functions.inc.php/1.121.2.13.2.24/Fri Aug 26 09:17:48 2005//TVersion-0_9_16-branch
D
diff -ru phpgroupware.org.16.006/phpgwapi/inc/class.accounts_ldap.inc.php phpgroupware.org.16.008/phpgwapi/inc/class.accounts_ldap.inc.php
--- phpgroupware.org.16.006/phpgwapi/inc/class.accounts_ldap.inc.php 2005-01-25 10:16:26.000000000 +0100
+++ phpgroupware.org.16.008/phpgwapi/inc/class.accounts_ldap.inc.php 2005-08-05 11:15:29.000000000 +0200
@@ -11,7 +11,7 @@
* @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public License
* @package phpgwapi
* @subpackage accounts
- * @version $Id: class.accounts_ldap.inc.php,v 1.101.2.13.2.34 2005/01/25 02:21:28 skwashd Exp $
+ * @version $Id: class.accounts_ldap.inc.php,v 1.101.2.13.2.35 2005/08/04 23:24:49 skwashd Exp $
*/
/**
@@ -745,13 +745,10 @@
$entry['objectclass'][] = 'phpgwContact'; // shouldn't be structural
$entry['phpgwcontactid'] = (int)$account_info['person_id'];
}
- else
- {
- $entry['objectclass'][] = 'account';
- }
-
+
// additional attributes from the phpgw for groups
$entry['objectclass'][] = 'posixAccount';
+ $entry['objectclass'][] = 'account';
$entry['cn'] = utf8_encode($this->get_fullname($account_info['account_firstname'], $account_info['account_lastname']));
$entry['uidnumber'] = $account_info['account_id'];
$entry['uid'] = $account_info['account_lid'];
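Review bot: `'account'` is now appended to `objectclass` on every path, including the one that adds `phpgwContact`, where the removed `else` used to skip it. The start of that `if` branch is outside the hunk, so it is not visible which person classes it adds. If it adds another structural class, directory servers that enforce a single structural chain may reject the entry. If the change is intentional, a short comment next to `$entry['objectclass'][] = 'account';` saying why it is needed alongside the contact classes would record the intent.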
diff -ru phpgroupware.org.16.006/phpgwapi/inc/class.config.inc.php phpgroupware.org.16.008/phpgwapi/inc/class.config.inc.php
--- phpgroupware.org.16.006/phpgwapi/inc/class.config.inc.php 2005-01-06 10:16:18.000000000 +0100
+++ phpgroupware.org.16.008/phpgwapi/inc/class.config.inc.php 2005-08-10 11:17:12.000000000 +0200
@@ -2,11 +2,12 @@
/**
* Application configuration in a centralized location
* @author Joseph Engo
+ * @author Dave Hall - skwashd at phpgroupware.org
* @copyright Copyright (C) 2000-2004 Free Software Foundation, Inc. http://www.fsf.org/
* @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public License
* @package phpgwapi
* @subpackage application
- * @version $Id: class.config.inc.php,v 1.7.2.1.2.4 2005/01/06 01:01:57 ceb Exp $
+ * @version $Id: class.config.inc.php,v 1.7.2.1.2.6 2005/08/09 13:04:56 skwashd Exp $
*/
/**
@@ -37,41 +38,50 @@
$this->db->query("select * from phpgw_config where config_app='" . $this->appname . "'",__LINE__,__FILE__);
while ($this->db->next_record())
{
- $test = @unserialize($this->db->f('config_value'));
+ $test = @unserialize($this->db->f('config_value', true));
if($test)
{
$this->config_data[$this->db->f('config_name')] = $test;
}
else
{
- $this->config_data[$this->db->f('config_name')] = $this->db->f('config_value');
+ $this->config_data[$this->db->f('config_name')] = $this->db->f('config_value', true);
}
}
}
function save_repository()
{
- $config_data = $this->config_data;
-
- if ($config_data)
+ if ( is_array($this->config_data) && count($this->config_data) )
{
- $this->db->lock(array('phpgw_config','phpgw_app_sessions'));
- //$this->db->query("delete from phpgw_config where config_app='" . $this->appname . "'",__LINE__,__FILE__); this is dangerous!
+ $config_data =& $this->config_data;
+
+ $this->db->lock(array('phpgw_config', 'phpgw_app_sessions'));
+ //$this->db->query("DELETE FROM phpgw_config WHERE config_app = '{$this->appname}'",__LINE__,__FILE__); //someone removed this without a proper explanation!
if($this->appname == 'phpgwapi')
{
- $this->db->query("delete from phpgw_app_sessions where sessionid = '0' and loginid = '0' and app = '".$this->appname."' and location = 'config'",__LINE__,__FILE__);
+ $this->db->query('DELETE FROM phpgw_app_sessions'
+ . ' WHERE sessionid = \'0\''
+ . ' AND loginid = 0'
+ . " AND app = '{$this->appname}'"
+ . ' AND location = \'config\'',
+ __LINE__, __FILE__);
}
- while (list($name,$value) = each($config_data))
+
+ foreach($config_data as $name => $value)
{
- if(is_array($value))
+ if( is_array($value) || is_object($value) )
{
$value = serialize($value);
}
- $name = addslashes($name);
- $value = addslashes($value);
- $this->db->query("DELETE from phpgw_config WHERE config_app='" . $this->appname . "' AND config_name='" . $name . "'",__LINE__,__FILE__);
- $query = "insert into phpgw_config (config_app,config_name,config_value) " . "values ('" . $this->appname . "','" . $name . "','" . $value . "')";
- $this->db->query($query,__LINE__,__FILE__);
+
+ $name = $this->db->db_addslashes($name);
+ $value = $this->db->db_addslashes($value);
+ $this->db->query("DELETE FROM phpgw_config WHERE config_name='{$name}'", __LINE__, __FILE__);
+
+ $query = "INSERT INTO phpgw_config (config_app,config_name,config_value)"
+ . " VALUES ('{$this->appname}', '{$name}', '{$value}')";
+ $this->db->query($query, __LINE__, __FILE__);
}
$this->db->unlock();
}
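Review bot: The rewritten per-key `DELETE FROM phpgw_config WHERE config_name='{$name}'` in save_repository() no longer filters on `config_app`, so saving one application's settings removes rows with the same `config_name` that belong to other applications. Keep the scope the old statement had: `$this->db->query("DELETE FROM phpgw_config WHERE config_app='{$this->appname}' AND config_name='{$name}'", __LINE__, __FILE__);`. `$this->appname` is also interpolated into this and the other statements without `db_addslashes()`, unlike `$name` and `$value`. Where appname is set is not visible here, so it is worth escaping it the same way. In the read loop at the top of the hunk (its function starts outside it), `if($test)` still treats a stored value that unserializes to something falsy as not serialized.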
@@ -79,10 +89,10 @@
function delete_repository()
{
- $this->db->query("delete from phpgw_config where config_app='" . $this->appname . "'",__LINE__,__FILE__);
+ $this->db->query("DELETE FROM phpgw_config WHERE config_app = '{$this->appname}'", __LINE__, __FILE__);
}
- function value($variable_name,$variable_data)
+ function value($variable_name, $variable_data)
{
$this->config_data[$variable_name] = $variable_data;
}
Only in phpgroupware.org.16.008/phpgwapi/inc: class.data_cleaner.inc.php
diff -ru phpgroupware.org.16.006/phpgwapi/inc/class.xmlrpc_client.inc.php phpgroupware.org.16.008/phpgwapi/inc/class.xmlrpc_client.inc.php
--- phpgroupware.org.16.006/phpgwapi/inc/class.xmlrpc_client.inc.php 2004-02-20 03:22:24.000000000 +0100
+++ phpgroupware.org.16.008/phpgwapi/inc/class.xmlrpc_client.inc.php 2005-08-24 16:29:17.000000000 +0200
@@ -6,7 +6,7 @@
* @copyright Portions Copyright (C) 2004 Free Software Foundation, Inc. http://www.fsf.org/
* @package phpgwapi
* @subpackage xml
- * @version $Id: class.xmlrpc_client.inc.php,v 1.6.4.2 2004/02/10 13:51:19 ceb Exp $
+ * @version $Id: class.xmlrpc_client.inc.php,v 1.6.4.3 2005/08/24 14:17:45 skwashd Exp $
*/
// Redistribution and use in source and binary forms, with or without
@@ -38,6 +38,8 @@
// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
// OF THE POSSIBILITY OF SUCH DAMAGE.
+//FIXME temp security fix
+exit;
/**
* XMLRPC client
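Review bot: The bare `exit;` at the top of this class file ends the whole request for any script that includes it, with an empty response and no log entry. `//FIXME temp security fix` does not say which issue it guards against or when it may be removed. The same pattern is added in xmlrpc.php (`exit; //interim security fix`). A comment such as `// XMLRPC disabled for CAN-2005-2498 (see CHANGELOG 0.9.16.007); do not remove until the parser is fixed` would make the kill switch auditable. In xmlrpc.php, an explicit status before exiting, e.g. `header('HTTP/1.0 503 Service Unavailable');`, tells clients the endpoint is intentionally off.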
diff -ru phpgroupware.org.16.006/phpgwapi/inc/class.xmlrpc_server.inc.php phpgroupware.org.16.008/phpgwapi/inc/class.xmlrpc_server.inc.php
--- phpgroupware.org.16.006/phpgwapi/inc/class.xmlrpc_server.inc.php 2005-07-05 02:22:46.000000000 +0200
+++ phpgroupware.org.16.008/phpgwapi/inc/class.xmlrpc_server.inc.php 2005-08-24 16:29:17.000000000 +0200
@@ -1,4 +1,6 @@
@@ -6,7 +8,7 @@
* @copyright Portions Copyright (C) 2003,2004 Free Software Foundation, Inc. http://www.fsf.org/
* @package phpgwapi
* @subpackage xml
- * @version $Id: class.xmlrpc_server.inc.php,v 1.22.4.6 2005/07/05 00:14:29 skwashd Exp $
+ * @version $Id: class.xmlrpc_server.inc.php,v 1.22.4.7 2005/08/24 14:19:14 skwashd Exp $
*/
diff -ru phpgroupware.org.16.006/phpgwapi/inc/functions.inc.php phpgroupware.org.16.008/phpgwapi/inc/functions.inc.php
--- phpgroupware.org.16.006/phpgwapi/inc/functions.inc.php 2005-01-03 06:57:44.000000000 +0100
+++ phpgroupware.org.16.008/phpgwapi/inc/functions.inc.php 2005-08-26 11:17:48.000000000 +0200
@@ -7,7 +7,7 @@
* @license http://www.fsf.org/licenses/lgpl.html GNU Lesser General Public License
* @package phpgwapi
* @subpackage utilities
- * @version $Id: functions.inc.php,v 1.121.2.13.2.22 2004/11/06 15:34:26 powerstat Exp $
+ * @version $Id: functions.inc.php,v 1.121.2.13.2.24 2005/08/26 01:33:15 skwashd Exp $
*/
@@ -25,9 +25,9 @@
include_once(PHPGW_API_INC.'/common_functions.inc.php');
/*!
- @function lang
- @abstract function to handle multilanguage support
- */
+ @function lang
+ @abstract function to handle multilanguage support
+ */
function lang($key,$m1='',$m2='',$m3='',$m4='',$m5='',$m6='',$m7='',$m8='',$m9='',$m10='')
{
if(is_array($m1))
@@ -42,6 +42,34 @@
return $value;
}
+ function clean_vars($vars)
+ {
+ if ( !is_array($vars) )
+ {
+ $data_cleaner = createObject('phpgwapi.data_cleaner', $vars);
+ return $data_cleaner->clean();
+ }
+
+ foreach ( $vars as $key => $val )
+ {
+ $vars[$key] = clean_vars($val);
+ }
+ return $vars;
+ }
+
+ // Remove this and I will make sure that you lose important parts of your anatomy - skwashd
+ $GLOBALS['RAW_REQUEST'] = $_REQUEST; // if you really need the raw value
+ $to_cleans = array('_GET', '_POST', '_COOKIE', '_REQUEST');
+ foreach ( $to_cleans as $to_clean )
+ {
+ if ( isset($GLOBALS[$to_clean]) && is_array($GLOBALS[$to_clean]) && count($GLOBALS[$to_clean]) )
+ {
+ $GLOBALS['to_clean'] = clean_vars($GLOBALS['to_clean']);
+ $GLOBALS["HTTP{$to_change}_VARS"] = $GLOBALS[$to_change];//legacy app support - will be dropped in 18
+ }
+ }
+
+
/* Make sure the header.inc.php is current. */
if ($GLOBALS['phpgw_info']['server']['versions']['header'] < $GLOBALS['phpgw_info']['server']['versions']['current_header'])
{
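Review bot: The cleaning loop never touches the request arrays: `$GLOBALS['to_clean']` uses the literal key 'to_clean' instead of the loop variable's value, and `$to_change` on the next line is never defined. As written, `$_GET`, `$_POST`, `$_COOKIE` and `$_REQUEST` stay unfiltered and the legacy `HTTP_*_VARS` aliases are not populated. The two lines should read `$GLOBALS[$to_clean] = clean_vars($GLOBALS[$to_clean]);` and `$GLOBALS["HTTP{$to_clean}_VARS"] = $GLOBALS[$to_clean];`. clean_vars() also recurses on values only, so array keys from the request pass through uncleaned. What `data_cleaner->clean()` does is not visible in this diff, so output escaping at render time is still needed.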
@@ -54,20 +82,20 @@
if (!isset($GLOBALS['phpgw_info']['flags']['currentapp']))
{
/* This object does not exist yet. */
- /* $GLOBALS['phpgw']->log->write(array('text'=>'W-MissingFlags, currentapp flag not set'));*/
+ /* $GLOBALS['phpgw']->log->write(array('text'=>'W-MissingFlags, currentapp flag not set'));*/
echo '!!! YOU DO NOT HAVE YOUR $GLOBALS[\'phpgw_info\'][\'flags\'][\'currentapp\'] SET !!!';
echo '
!!! PLEASE CORRECT THIS SITUATION !!!';
}
magic_quotes_runtime(false);
-// Can't use this yet - errorlog hasn't been created.
-// print_debug('sane environment','messageonly','api');
+ // Can't use this yet - errorlog hasn't been created.
+ // print_debug('sane environment','messageonly','api');
/****************************************************************************\
- * Multi-Domain support *
- \****************************************************************************/
-
+ * Multi-Domain support *
+ \****************************************************************************/
+
/* make them fix their header */
if (!isset($GLOBALS['phpgw_domain']))
{
@@ -113,8 +141,8 @@
unset ($GLOBALS['phpgw_domain']); // we kill this for security reasons
}
-// Can't use this yet - errorlog hasn't been created.
-// print_debug('domain',@$GLOBALS['phpgw_info']['user']['domain'],'api');
+ // Can't use this yet - errorlog hasn't been created.
+ // print_debug('domain',@$GLOBALS['phpgw_info']['user']['domain'],'api');
/****************************************************************************\
* These lines load up the API, fill up the $phpgw_info array, etc *
@@ -455,5 +483,5 @@
include_once(PHPGW_APP_INC . '/header.inc.php');
}
}
-
+
error_reporting(E_ERROR | E_WARNING | E_PARSE);
diff -ru phpgroupware.org.16.006/phpgwapi/setup/CVS/Entries phpgroupware.org.16.008/phpgwapi/setup/CVS/Entries
--- phpgroupware.org.16.006/phpgwapi/setup/CVS/Entries 2005-01-03 06:57:46.000000000 +0100
+++ phpgroupware.org.16.008/phpgwapi/setup/CVS/Entries 2005-08-26 11:17:50.000000000 +0200
@@ -21,6 +21,6 @@
/phpgw_ja.lang/1.11.2.1.2.3/Mon Jan 3 05:57:46 2005//TVersion-0_9_16-branch
/phpgw_pl.lang/1.1.2.3.2.2/Mon Jan 3 05:57:46 2005//TVersion-0_9_16-branch
/phpgw_pt.lang/1.1.2.2.2.2/Mon Jan 3 05:57:46 2005//TVersion-0_9_16-branch
-/setup.inc.php/1.37.2.6.2.23/Mon Jan 3 05:57:46 2005//TVersion-0_9_16-branch
-/tables_update.inc.php/1.53.2.9.2.38/Mon Jan 3 05:57:46 2005//TVersion-0_9_16-branch
+/setup.inc.php/1.37.2.6.2.26/Fri Aug 26 09:17:50 2005//TVersion-0_9_16-branch
+/tables_update.inc.php/1.53.2.9.2.41/Fri Aug 26 09:17:50 2005//TVersion-0_9_16-branch
D
diff -ru phpgroupware.org.16.006/phpgwapi/setup/setup.inc.php phpgroupware.org.16.008/phpgwapi/setup/setup.inc.php
--- phpgroupware.org.16.006/phpgwapi/setup/setup.inc.php 2005-01-03 06:57:46.000000000 +0100
+++ phpgroupware.org.16.008/phpgwapi/setup/setup.inc.php 2005-08-26 11:17:50.000000000 +0200
@@ -9,13 +9,13 @@
* option) any later version. *
\**************************************************************************/
- // $Id: setup.inc.php,v 1.37.2.6.2.23 2005/01/03 05:39:41 skwashd Exp $
+ // $Id: setup.inc.php,v 1.37.2.6.2.26 2005/08/26 01:40:21 skwashd Exp $
// $Source: /cvsroot/phpgwapi/phpgwapi/setup/setup.inc.php,v $
/* Basic information about this app */
$setup_info['phpgwapi']['name'] = 'phpgwapi';
$setup_info['phpgwapi']['title'] = 'phpgwapi';
- $setup_info['phpgwapi']['version'] = '0.9.16.005';
+ $setup_info['phpgwapi']['version'] = '0.9.16.008';
$setup_info['phpgwapi']['versions']['current_header'] = '1.24';
$setup_info['phpgwapi']['enable'] = 3;
$setup_info['phpgwapi']['app_order'] = 1;
diff -ru phpgroupware.org.16.006/phpgwapi/setup/tables_update.inc.php phpgroupware.org.16.008/phpgwapi/setup/tables_update.inc.php
--- phpgroupware.org.16.006/phpgwapi/setup/tables_update.inc.php 2005-01-03 06:57:46.000000000 +0100
+++ phpgroupware.org.16.008/phpgwapi/setup/tables_update.inc.php 2005-08-26 11:17:50.000000000 +0200
@@ -9,7 +9,7 @@
* option) any later version. *
\**************************************************************************/
- // $Id: tables_update.inc.php,v 1.53.2.9.2.38 2005/01/03 05:39:41 skwashd Exp $
+ // $Id: tables_update.inc.php,v 1.53.2.9.2.41 2005/08/26 01:40:22 skwashd Exp $
// $Source: /cvsroot/phpgwapi/phpgwapi/setup/tables_update.inc.php,v $
/* Include older phpGroupWare update support */
@@ -1654,7 +1654,7 @@
////global $setup_info,$phpgw_setup;
$db1 =& $GLOBALS['phpgw_setup']->db;
$db1->auto_stripslashes = False;
- $db1->Halt_On_Error = 'report';
+ //$db1->Halt_On_Error = 'report';
/* Check if addressmaster exist */
$GLOBALS['phpgw_setup']->oProc->query("SELECT config_name, config_value FROM phpgw_config WHERE config_name = 'addressmaster'");
@@ -1777,4 +1777,23 @@
$GLOBALS['setup_info']['phpgwapi']['currentver'] = '0.9.16.005';
return $GLOBALS['setup_info']['phpgwapi']['currentver'];
}
+
+ $test[] = '0.9.16.005';
+ function phpgwapi_upgrade0_9_16_005()
+ {
+ //this was never publicly released!
+ return $GLOBALS['setup_info']['phpgwapi']['currentver'] = '0.9.16.006';
+ }
+
+ $test[] = '0.9.16.006';
+ function phpgwapi_upgrade0_9_16_006()
+ {
+ return $GLOBALS['setup_info']['phpgwapi']['currentver'] = '0.9.16.007';
+ }
+
+ $test[] = '0.9.16.007';
+ function phpgwapi_upgrade0_9_16_007()
+ {
+ return $GLOBALS['phpgw_info']['phpgwapi']['currentver'] = '0.9.16.008';
+ }
?>
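Review bot: `phpgwapi_upgrade0_9_16_007()` assigns the new version to `$GLOBALS['phpgw_info']['phpgwapi']['currentver']`, while the two functions added above it and the existing code before them write to `$GLOBALS['setup_info']`. The function still returns '0.9.16.008', but the setup_info entry is left at '0.9.16.007', which looks like a typo. Suggested line: `return $GLOBALS['setup_info']['phpgwapi']['currentver'] = '0.9.16.008';`.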
diff -ru phpgroupware.org.16.006/setup/CVS/Entries phpgroupware.org.16.008/setup/CVS/Entries
--- phpgroupware.org.16.006/setup/CVS/Entries 2005-07-05 02:25:05.000000000 +0200
+++ phpgroupware.org.16.008/setup/CVS/Entries 2005-08-27 07:27:40.000000000 +0200
@@ -9,7 +9,6 @@
/applications.php/1.21.2.13/Mon Jan 3 05:57:28 2005//TVersion-0_9_16-branch
/bulk.php/1.1.2.2/Mon Jan 3 05:57:28 2005//TVersion-0_9_16-branch
/config.php/1.78.2.6/Mon Jan 3 05:57:28 2005//TVersion-0_9_16-branch
-/index.php/1.113.2.11/Mon Jan 3 05:57:28 2005//TVersion-0_9_16-branch
/lang.php/1.46.2.8/Mon Jan 3 05:57:28 2005//TVersion-0_9_16-branch
/ldap.php/1.54.2.1/Mon Jan 3 05:57:28 2005//TVersion-0_9_16-branch
/ldapexport.php/1.6.2.6/Mon Jan 3 05:57:28 2005//TVersion-0_9_16-branch
@@ -18,3 +17,4 @@
/manageheader.php/1.45.2.17/Mon Jan 3 05:57:28 2005//TVersion-0_9_16-branch
/schematoy.php/1.11.2.2/Mon Jan 3 05:57:28 2005//TVersion-0_9_16-branch
/setup_demo.php/1.30.2.17/Mon Jan 3 05:57:28 2005//TVersion-0_9_16-branch
+/index.php/1.113.2.12/Mon Aug 22 09:16:10 2005//TVersion-0_9_16-branch
diff -ru phpgroupware.org.16.006/setup/index.php phpgroupware.org.16.008/setup/index.php
--- phpgroupware.org.16.006/setup/index.php 2005-01-03 06:57:28.000000000 +0100
+++ phpgroupware.org.16.008/setup/index.php 2005-08-22 11:16:10.000000000 +0200
@@ -8,7 +8,7 @@
* Free Software Foundation; either version 2 of the License, or (at your *
* option) any later version. *
\**************************************************************************/
- /* $Id: index.php,v 1.113.2.11 2005/01/03 05:38:12 skwashd Exp $ */
+ /* $Id: index.php,v 1.113.2.12 2005/08/21 22:45:41 ceb Exp $ */
/*
Idea: This is so I don't forget. When they are performing a new install, after config,
@@ -243,7 +243,7 @@
switch ($GLOBALS['phpgw_info']['setup']['currentver']['phpgwapi'])
{
case 'dbcreate':
- $GLOBALS['phpgw_setup']->db->create_database($db_root, $db_pass);
+ $GLOBALS['phpgw_setup']->db->create_database($_POST['db_root'], $_POST['db_pass']);
break;
case 'drop':
$setup_info = $GLOBALS['phpgw_setup']->detection->get_versions($setup_info);
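Review bot: `create_database()` now receives `$_POST['db_root']` and `$_POST['db_pass']` directly, with no `isset()` check and no validation in the visible lines. How create_database() uses them is outside this hunk. If it builds SQL or a connection string from them, the quoting has to happen there, and that is worth confirming. Reading them into locals first, `$db_root = isset($_POST['db_root']) ? $_POST['db_root'] : '';` (and likewise for `db_pass`), avoids notices when the fields are missing. The switch statement continues outside the hunk.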
diff -ru phpgroupware.org.16.006/xmlrpc.php phpgroupware.org.16.008/xmlrpc.php
--- phpgroupware.org.16.006/xmlrpc.php 2003-11-18 09:45:25.000000000 +0100
+++ phpgroupware.org.16.008/xmlrpc.php 2005-08-24 11:15:08.000000000 +0200
@@ -10,9 +10,11 @@
* option) any later version. *
\**************************************************************************/
- /* $Id: xmlrpc.php,v 1.11.4.7 2003/11/18 08:45:25 skwashd Exp $ */
+ /* $Id: xmlrpc.php,v 1.11.4.8 2005/08/23 10:04:50 skwashd Exp $ */
/* $Source: /cvsroot/phpgroupware/phpgroupware/xmlrpc.php,v $ */
+ exit; //interim security fix
+
// NOTE! This file is still in the experimental stages, use at your own risk!
// The only current documentation for it is the code and the comments
// A document explaining its usage should be done shortly