author | Remi Collet <remi@remirepo.net> | 2018-03-17 08:10:16 +0100 |
---|---|---|
committer | Remi Collet <remi@remirepo.net> | 2018-03-17 08:10:16 +0100 |
commit | fc96accb1b87c262be71a9cef5201aed4b9db0d1 (patch) | |
tree | c523f2ee31688010cafe36efdfd3f9b12b3255f3 | |
parent | b6674b0a774a10cbae4e969b9d6c15d2aa1397cb (diff) |
escape get keys to prevent possible xss CVE-2018-7563
-rw-r--r-- | 3421ff97909c794839a731e68eb8910a8dea7cc2.patch | 21 | ||||
-rw-r--r-- | glpi.spec | 10 |
2 files changed, 29 insertions, 2 deletions
diff --git a/3421ff97909c794839a731e68eb8910a8dea7cc2.patch b/3421ff97909c794839a731e68eb8910a8dea7cc2.patch
new file mode 100644
index 0000000..6c39d87
--- /dev/null
+++ b/3421ff97909c794839a731e68eb8910a8dea7cc2.patch
@@ -0,0 +1,21 @@
+From 3421ff97909c794839a731e68eb8910a8dea7cc2 Mon Sep 17 00:00:00 2001
+From: Johan Cwiklinski <jcwiklinski@teclib.com>
+Date: Thu, 1 Mar 2018 09:26:04 +0100
+Subject: [PATCH] Escape get keys to prevent possible xss
+
+---
+ inc/html.class.php | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/inc/html.class.php b/inc/html.class.php
+index a985db5250..bcf1ab4c0c 100644
+--- a/inc/html.class.php
++++ b/inc/html.class.php
+@@ -4096,6 +4096,7 @@ static function printCleanArray($tab, $pad=0,$jsexpand=false) {
+ echo "<tr><th>KEY</th><th>=></th><th>VALUE</th></tr>";
+
+ foreach ($tab as $key => $val) {
++ $key = Toolbox::clean_cross_side_scripting_deep($key);
+ echo "<tr class='tab_bg_1'><td class='top right'>";
+ echo $key;
+ $is_array = is_array($val);
@@ -1,6 +1,6 @@
 # Fedora/remirepo spec file for glpi
 #
-# Copyright (c) 2007-2017 Remi Collet
+# Copyright (c) 2007-2018 Remi Collet
 # License: CC-BY-SA
 # http://creativecommons.org/licenses/by-sa/4.0/
 #
@@ -42,7 +42,7 @@ Name: %{gh_project}
 Version: 9.1.7.1
 %global schema 9.1.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Free IT asset management software
 Summary(fr): Gestion Libre de Parc Informatique
@@ -59,6 +59,8 @@ Source3: %{name}-logrotate
 Source4: %{name}-nginx.conf
 Source5: %{name}-fedora-autoloader.php
+Patch0: https://github.com/glpi-project/glpi/commit/3421ff97909c794839a731e68eb8910a8dea7cc2.patch
+
 BuildArch: noarch
 BuildRequires: gettext
 %if %{with_tests}
@@ -198,6 +200,7 @@ techniciens grâce à une maintenance plus cohérente.
 %prep
 %setup -q -n %{name}-%{gh_commit}
+%patch0 -p1
 grep %{version} config/define.php
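Review bot: The added line sanitises `$key` with Toolbox::clean_cross_side_scripting_deep before `echo $key;`, but that helper's behaviour is not visible in this patch, so it is unclear whether it HTML-encodes the key or only filters script-like fragments. Since the output context is an HTML table cell, escaping at the point of output — `echo htmlspecialchars($key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` — would make the protection independent of what the helper happens to strip, unless the project already relies on values being stored entity-encoded, in which case that should be noted in a comment above the new line. The same question applies to how `$val` is printed in the VALUE column, which lies outside the hunk. printCleanArray starts at the hunk's context line and its body continues past the hunk.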
@@ -454,6 +457,9 @@ fi
 %changelog
+* Sat Mar 17 2018 Remi Collet <remi@remirepo.net> - 9.1.7.1-2
+- escape get keys to prevent possible xss CVE-2018-7563
+
 * Wed Dec 6 2017 Remi Collet <remi@remirepo.net> - 9.1.7.1-1
 - update to 9.1.7.1 |