From f30cd1447b77f461dd0a459652bc03399d6d7878 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Tue, 6 Oct 2015 13:25:08 +0200 Subject: glpi: 0.85 is now in "remi" --- glpi-0.84-CVE-2014-9258.patch | 62 ------------------------------------------- 1 file changed, 62 deletions(-) delete mode 100644 glpi-0.84-CVE-2014-9258.patch (limited to 'glpi-0.84-CVE-2014-9258.patch') diff --git a/glpi-0.84-CVE-2014-9258.patch b/glpi-0.84-CVE-2014-9258.patch deleted file mode 100644 index 97f1966..0000000 --- a/glpi-0.84-CVE-2014-9258.patch +++ /dev/null @@ -1,62 +0,0 @@ -Index: branches/0.84-bugfixes/inc/dropdown.class.php -=================================================================== ---- branches/0.84-bugfixes/inc/dropdown.class.php (révision 23260) -+++ branches/0.84-bugfixes/inc/dropdown.class.php (révision 23261) -@@ -177,6 +177,11 @@ - } - } - -+ // Manage condition -+ if (!empty($params['condition'])) { -+ $params['condition'] = static::addNewCondition($params['condition']); -+ } -+ - $param = array('searchText' => '__VALUE__', - 'value' => $params['value'], - 'itemtype' => $itemtype, -@@ -259,6 +264,11 @@ - } - } - -+ static function addNewCondition($condition) { -+ $sha1=sha1($condition); -+ $_SESSION['glpicondition'][$sha1] = $condition; -+ return $sha1; -+ } - - /** - * Get the value of a dropdown -@@ -1095,7 +1105,7 @@ - 'entity_restrict' => $entity_restrict); - - if ($onlyglobal) { -- $params['condition'] = "`is_global` = '1'"; -+ $params['condition'] = static::addNewCondition("`is_global` = '1'"); - } - Ajax::updateItemOnSelectEvent("itemtype$rand", "show_$myname$rand", - $CFG_GLPI["root_doc"]."/ajax/dropdownAllItems.php", $params); -Index: branches/0.84-bugfixes/ajax/dropdownValue.php -=================================================================== ---- branches/0.84-bugfixes/ajax/dropdownValue.php (révision 23260) -+++ branches/0.84-bugfixes/ajax/dropdownValue.php (révision 23261) -@@ -72,13 +72,17 @@ - $_POST['permit_select_parent'] = false; - } - --// No define rand --if (!isset($_POST['rand'])) { -+ // No define rand -+ if (!isset($_POST['rand'])) { - $_POST['rand'] = mt_rand(); - } - - if (isset($_POST['condition']) && !empty($_POST['condition'])) { -- $_POST['condition'] = rawurldecode(stripslashes($_POST['condition'])); -+ if (isset($_SESSION['glpicondition'][$_POST['condition']])) { -+ $_POST['condition'] = $_SESSION['glpicondition'][$_POST['condition']]; -+ } else { -+ $_POST['condition'] = ''; -+ } - } - - if (!isset($_POST['emptylabel']) || ($_POST['emptylabel'] == '')) { -- cgit