summaryrefslogtreecommitdiffstats
path: root/glpi-0.84-CVE-2014-9258.patch
diff options
context:
space:
mode:
Diffstat (limited to 'glpi-0.84-CVE-2014-9258.patch')
-rw-r--r--glpi-0.84-CVE-2014-9258.patch62
1 files changed, 0 insertions, 62 deletions
diff --git a/glpi-0.84-CVE-2014-9258.patch b/glpi-0.84-CVE-2014-9258.patch
deleted file mode 100644
index 97f1966..0000000
--- a/glpi-0.84-CVE-2014-9258.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-Index: branches/0.84-bugfixes/inc/dropdown.class.php
-===================================================================
---- branches/0.84-bugfixes/inc/dropdown.class.php (révision 23260)
-+++ branches/0.84-bugfixes/inc/dropdown.class.php (révision 23261)
-@@ -177,6 +177,11 @@
- }
- }
-
-+ // Manage condition
-+ if (!empty($params['condition'])) {
-+ $params['condition'] = static::addNewCondition($params['condition']);
-+ }
-+
- $param = array('searchText' => '__VALUE__',
- 'value' => $params['value'],
- 'itemtype' => $itemtype,
-@@ -259,6 +264,11 @@
- }
- }
-
-+ static function addNewCondition($condition) {
-+ $sha1=sha1($condition);
-+ $_SESSION['glpicondition'][$sha1] = $condition;
-+ return $sha1;
-+ }
-
- /**
- * Get the value of a dropdown
-@@ -1095,7 +1105,7 @@
- 'entity_restrict' => $entity_restrict);
-
- if ($onlyglobal) {
-- $params['condition'] = "`is_global` = '1'";
-+ $params['condition'] = static::addNewCondition("`is_global` = '1'");
- }
- Ajax::updateItemOnSelectEvent("itemtype$rand", "show_$myname$rand",
- $CFG_GLPI["root_doc"]."/ajax/dropdownAllItems.php", $params);
-Index: branches/0.84-bugfixes/ajax/dropdownValue.php
-===================================================================
---- branches/0.84-bugfixes/ajax/dropdownValue.php (révision 23260)
-+++ branches/0.84-bugfixes/ajax/dropdownValue.php (révision 23261)
-@@ -72,13 +72,17 @@
- $_POST['permit_select_parent'] = false;
- }
-
--// No define rand
--if (!isset($_POST['rand'])) {
-+ // No define rand
-+ if (!isset($_POST['rand'])) {
- $_POST['rand'] = mt_rand();
- }
-
- if (isset($_POST['condition']) && !empty($_POST['condition'])) {
-- $_POST['condition'] = rawurldecode(stripslashes($_POST['condition']));
-+ if (isset($_SESSION['glpicondition'][$_POST['condition']])) {
-+ $_POST['condition'] = $_SESSION['glpicondition'][$_POST['condition']];
-+ } else {
-+ $_POST['condition'] = '';
-+ }
- }
-
- if (!isset($_POST['emptylabel']) || ($_POST['emptylabel'] == '')) {
generated by cgit (git 2.34.1) at 2024-04-26 07:27:02 +0000