diff options
Diffstat (limited to 'glpi-0.84-CVE-2014-9258.patch')
-rw-r--r-- | glpi-0.84-CVE-2014-9258.patch | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/glpi-0.84-CVE-2014-9258.patch b/glpi-0.84-CVE-2014-9258.patch new file mode 100644 index 0000000..97f1966 --- /dev/null +++ b/glpi-0.84-CVE-2014-9258.patch @@ -0,0 +1,62 @@ +Index: branches/0.84-bugfixes/inc/dropdown.class.php +=================================================================== +--- branches/0.84-bugfixes/inc/dropdown.class.php (révision 23260) ++++ branches/0.84-bugfixes/inc/dropdown.class.php (révision 23261) +@@ -177,6 +177,11 @@ + } + } + ++ // Manage condition ++ if (!empty($params['condition'])) { ++ $params['condition'] = static::addNewCondition($params['condition']); ++ } ++ + $param = array('searchText' => '__VALUE__', + 'value' => $params['value'], + 'itemtype' => $itemtype, +@@ -259,6 +264,11 @@ + } + } + ++ static function addNewCondition($condition) { ++ $sha1=sha1($condition); ++ $_SESSION['glpicondition'][$sha1] = $condition; ++ return $sha1; ++ } + + /** + * Get the value of a dropdown +@@ -1095,7 +1105,7 @@ + 'entity_restrict' => $entity_restrict); + + if ($onlyglobal) { +- $params['condition'] = "`is_global` = '1'"; ++ $params['condition'] = static::addNewCondition("`is_global` = '1'"); + } + Ajax::updateItemOnSelectEvent("itemtype$rand", "show_$myname$rand", + $CFG_GLPI["root_doc"]."/ajax/dropdownAllItems.php", $params); +Index: branches/0.84-bugfixes/ajax/dropdownValue.php +=================================================================== +--- branches/0.84-bugfixes/ajax/dropdownValue.php (révision 23260) ++++ branches/0.84-bugfixes/ajax/dropdownValue.php (révision 23261) +@@ -72,13 +72,17 @@ + $_POST['permit_select_parent'] = false; + } + +-// No define rand +-if (!isset($_POST['rand'])) { ++ // No define rand ++ if (!isset($_POST['rand'])) { + $_POST['rand'] = mt_rand(); + } + + if (isset($_POST['condition']) && !empty($_POST['condition'])) { +- $_POST['condition'] = rawurldecode(stripslashes($_POST['condition'])); ++ if (isset($_SESSION['glpicondition'][$_POST['condition']])) { ++ $_POST['condition'] = $_SESSION['glpicondition'][$_POST['condition']]; ++ } else { ++ $_POST['condition'] = ''; ++ } + } + + if (!isset($_POST['emptylabel']) || ($_POST['emptylabel'] == '')) { |