summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ocsinventory-dbconf.patch88
-rw-r--r--ocsinventory-deprecated.patch78
-rw-r--r--ocsinventory-reports.conf9
-rw-r--r--ocsinventory-upgrade.patch49
-rw-r--r--ocsinventory.spec18
5 files changed, 87 insertions, 155 deletions
diff --git a/ocsinventory-dbconf.patch b/ocsinventory-dbconf.patch
deleted file mode 100644
index 2312f8a..0000000
--- a/ocsinventory-dbconf.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-diff -up ocsreports/install.php.var ocsreports/install.php
---- ocsreports/install.php.var 2011-10-31 08:42:38.914660647 +0100
-+++ ocsreports/install.php 2011-10-31 08:44:55.353669573 +0100
-@@ -96,9 +96,9 @@ if( isset($_POST["name"])) {
- else
- $instOk = true;
- }
--if( $hnd = @fopen("dbconfig.inc.php", "r") ) {
-+if( $hnd = @fopen(CONF_MYSQL, "r") ) {
- fclose($hnd);
-- require("dbconfig.inc.php");
-+ require(CONF_MYSQL);
- if (defined('COMPTE_BASE')) { // Upgrade from 2.0.x
- $valNme = COMPTE_BASE;
- } else if (isset($_SESSION["COMPTE_BASE"])) { // Upgrade from 1.3.x
-@@ -188,7 +188,7 @@ if($_POST["fin"]=="fin") {
- . "</b><br></font></center>";
-
- echo "<br><center><font color=red><b>" . $l->g(2065) . "</b></font></center>";
-- unlink("dbconfig.inc.php");
-+ unlink(CONF_MYSQL);
- }
- else {
- msg_success("<b>" . $l->g(2050) . "</b><br><br><b><a href='index.php'>" . $l->g(2051) . "</a></b>");
-@@ -197,7 +197,7 @@ if($_POST["fin"]=="fin") {
- }
-
-
--if(!$ch = @fopen("dbconfig.inc.php","w")) {
-+if(!$ch = @fopen(CONF_MYSQL,"w")) {
- echo "<br><center><font color=red><b>" . $l->g(2052) . "</b></font></center>";
- die();
- }
-@@ -424,7 +424,7 @@ if( ! $erralter ) {
-
- if($nberr) {
- echo "<br><center><font color=red><b>" . $l->g(2065) . "</b></font></center>";
-- unlink("dbconfig.inc.php");
-+ unlink(CONF_MYSQL);
- die();
- }
- $nberr=0;
-@@ -469,7 +469,7 @@ foreach($filenames as $fil) {
- " " . $l->g(2068) .
- "</b></font></center>";
- echo "<br><center><font color=red><b>" . $l->g(2065) . "</b></font></center>";
-- unlink("dbconfig.inc.php");
-+ unlink(CONF_MYSQL);
- die();
- }
- echo "<br><center><font color=red><b>" . $l->g(2001) .
-@@ -505,7 +505,7 @@ else
-
- if($nberr) {
- echo "<br><center><font color=red><b>" . $l->g(2065) . "</b></font></center>";
-- unlink("dbconfig.inc.php");
-+ unlink(CONF_MYSQL);
- die();
- }
-
-diff -up ocsreports/require/header.php.var ocsreports/require/header.php
---- ocsreports/require/header.php.var 2011-10-31 08:42:31.249548540 +0100
-+++ ocsreports/require/header.php 2011-10-31 08:43:52.704407954 +0100
-@@ -25,7 +25,6 @@ if(substr($_SERVER['DOCUMENT_ROOT'],-1)
- }else{
- define("DOCUMENT_ROOT",$_SERVER['DOCUMENT_ROOT']);
- }
--//echo DOCUMENT_ROOT."<br>".DOCUMENT_REAL_ROOT;
- //print_r($_SERVER);
-
- if ($_SESSION['OCS']['LOG_GUI'] == 1){
-@@ -72,14 +71,14 @@ if (isset($_POST['LOGOUT']) and $_POST['
- }
-
- /***************************************************** First installation checking *********************************************************/
--if( (!$fconf=@fopen("dbconfig.inc.php","r"))
-+if( (!$fconf=@fopen(CONF_MYSQL,"r"))
- || (!function_exists('session_start'))
- || (!function_exists('mysql_connect')) ) {
- require('install.php');
- die();
- }
- else{
-- require_once('dbconfig.inc.php');
-+ require_once(CONF_MYSQL);
- fclose($fconf);
- }
-
diff --git a/ocsinventory-deprecated.patch b/ocsinventory-deprecated.patch
new file mode 100644
index 0000000..de46c86
--- /dev/null
+++ b/ocsinventory-deprecated.patch
@@ -0,0 +1,78 @@
+diff -up ocsreports/plugins/main_sections/ms_dict/ms_dict.php.orig ocsreports/plugins/main_sections/ms_dict/ms_dict.php
+--- ocsreports/plugins/main_sections/ms_dict/ms_dict.php.orig 2011-11-28 17:54:50.000000000 +0100
++++ ocsreports/plugins/main_sections/ms_dict/ms_dict.php 2011-11-28 17:55:45.000000000 +0100
+@@ -37,8 +37,8 @@ if ($protectedPost['RESET']=="RESET")
+ unset($protectedPost['search']);
+ //filtre
+ if ($protectedPost['search']){
+- $search_cache=" and cache.name like '%".mysql_escape_string($protectedPost['search'])."%' ";
+- $search_count=" and extracted like '%".mysql_escape_string($protectedPost['search'])."%' ";
++ $search_cache=" and cache.name like '%".mysql_real_escape_string($protectedPost['search'])."%' ";
++ $search_count=" and extracted like '%".mysql_real_escape_string($protectedPost['search'])."%' ";
+ }
+ else{
+ $search="";
+@@ -123,7 +123,7 @@ if ($protectedPost['onglet'] == 'CAT'){
+ }
+ $querydico=substr($querydico,0,-1);
+ $querydico .= " from dico_soft left join ".$table." cache on dico_soft.extracted=cache.name
+- where formatted='".mysql_escape_string($list_cat[$protectedPost['onglet_soft']])."' ".$search_count." group by EXTRACTED";
++ where formatted='".mysql_real_escape_string($list_cat[$protectedPost['onglet_soft']])."' ".$search_count." group by EXTRACTED";
+ }
+ /*******************************************************CAS OF NEW*******************************************************/
+ if ($protectedPost['onglet'] == 'NEW'){
+@@ -311,4 +311,4 @@ echo "<input type='hidden' name='RESET'
+ echo "<input type='hidden' name='TRANS' id='TRANS' value=''>";
+ echo "<input type='hidden' name='SUP_CAT' id='SUP_CAT' value=''>";
+ echo "</form>";
+-?>
+\ Pas de fin de ligne à la fin du fichier.
++?>
+diff -up ocsreports/require/function_dico.php.orig ocsreports/require/function_dico.php
+--- ocsreports/require/function_dico.php.orig 2011-11-28 17:56:55.000000000 +0100
++++ ocsreports/require/function_dico.php 2011-11-28 17:57:01.000000000 +0100
+@@ -46,7 +46,7 @@ function trans($onglet,$list_soft,$affec
+ $table="softwares";
+ //verif is this cat exist
+ if ($new_cat != ''){
+- $sql_verif="select extracted from dico_soft where formatted ='".mysql_escape_string($new_cat)."'";
++ $sql_verif="select extracted from dico_soft where formatted ='".mysql_real_escape_string($new_cat)."'";
+ $result_search_soft = mysql_query( $sql_verif, $_SESSION['OCS']["readServer"]);
+ $item_search_soft = mysql_fetch_object($result_search_soft);
+ if (isset($item_search_soft->extracted) or $new_cat == "IGNORED" or $new_cat == "UNCHANGED"){
+@@ -71,10 +71,10 @@ function trans($onglet,$list_soft,$affec
+ }elseif($exist_cat == "UNCHANGED"){
+ $sql="insert dico_soft (extracted,formatted) select distinct NAME,NAME from ".$table." where ID in (".implode(",",$list_soft).")";
+ }else
+- $sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_escape_string($exist_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")";
++ $sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_real_escape_string($exist_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")";
+ }else{
+ if (!isset($already_exist)){
+- $sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_escape_string($new_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")";
++ $sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_real_escape_string($new_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")";
+ }else
+ echo "<script>alert('".$l->g(771)."')</script>";
+ }
+diff -up ocsreports/require/function_table_html.php.orig ocsreports/require/function_table_html.php
+--- ocsreports/require/function_table_html.php.orig 2011-11-28 17:57:10.000000000 +0100
++++ ocsreports/require/function_table_html.php 2011-11-28 17:57:38.000000000 +0100
+@@ -163,7 +163,7 @@ function escape_string($array){
+ function xml_escape_string($array){
+ foreach ($array as $key=>$value){
+ $trait_array[$key]=xml_encode($value);
+- //$trait_array[$key]=mysql_escape_string($value);
++ //$trait_array[$key]=mysql_real_escape_string($value);
+ }
+ return ($trait_array);
+ }
+@@ -801,8 +801,8 @@ function onglet($def_onglets,$form_name,
+ $current=1;
+ }
+ }else{
+- //echo "<script>alert('".mysql_escape_string(stripslashes($protectedPost[$post_name]))." => ".$key."')</script>";
+- if (mysql_escape_string(stripslashes($protectedPost[$post_name])) === mysql_escape_string(stripslashes($key)) or (!isset($protectedPost[$post_name]) and $current != 1)){
++ //echo "<script>alert('".mysql_real_escape_string(stripslashes($protectedPost[$post_name]))." => ".$key."')</script>";
++ if (mysql_real_escape_string(stripslashes($protectedPost[$post_name])) === mysql_real_escape_string(stripslashes($key)) or (!isset($protectedPost[$post_name]) and $current != 1)){
+ echo "id='current'";
+ $current=1;
+ }
diff --git a/ocsinventory-reports.conf b/ocsinventory-reports.conf
index 331f5ad..2c2b86c 100644
--- a/ocsinventory-reports.conf
+++ b/ocsinventory-reports.conf
@@ -60,14 +60,5 @@ Alias OCSREPORTS_ALIAS PATH_TO_OCSREPORTS_DIR
#
Alias PACKAGES_ALIAS PATH_TO_PACKAGES_DIR
-################################################################################
-# Snmp communities area
-#
-# Alias to put Snmp communities reference file (snmp_com.txt) outside Apache document root directory
-#
-# Uncomment this Alias to allow SNMP discovery feature
-# WARNING this file, with communities definition, will be publicly available
-#Alias SNMP_ALIAS PATH_TO_SNMP_DIR
-
#</VirtualHost>
diff --git a/ocsinventory-upgrade.patch b/ocsinventory-upgrade.patch
deleted file mode 100644
index bd8626a..0000000
--- a/ocsinventory-upgrade.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-diff -up ocsreports/install.php.orig ocsreports/install.php
---- ocsreports/install.php.orig 2011-10-27 18:04:00.011717775 +0200
-+++ ocsreports/install.php 2011-10-27 18:16:38.947261089 +0200
-@@ -99,10 +99,32 @@ if( isset($_POST["name"])) {
- if( $hnd = @fopen("dbconfig.inc.php", "r") ) {
- fclose($hnd);
- require("dbconfig.inc.php");
-- $valNme = COMPTE_BASE;
-- $valPass = PSWD_BASE;
-- $valServ = SERVER_WRITE;
-- $valdatabase = DB_NAME;
-+ if (defined('COMPTE_BASE')) { // Upgrade from 2.0.x
-+ $valNme = COMPTE_BASE;
-+ } else if (isset($_SESSION["COMPTE_BASE"])) { // Upgrade from 1.3.x
-+ $valNme = $_SESSION["COMPTE_BASE"];
-+ } else { // Fresh install
-+ $valNme = '';
-+ }
-+ if (defined('PSWD_BASE')) {
-+ $valPass = PSWD_BASE;
-+ } else if (isset($_SESSION["PSWD_BASE"])) {
-+ $valPass = $_SESSION["PSWD_BASE"];
-+ } else {
-+ $valPass = '';
-+ }
-+ if (defined('SERVER_WRITE')) {
-+ $valServ = SERVER_WRITE;
-+ } else if (isset($_SESSION["SERVEUR_SQL"])) {
-+ $valServ = $_SESSION["SERVEUR_SQL"];
-+ } else {
-+ $valServ = '';
-+ }
-+ if (defined('DB_NAME')) {
-+ $valdatabase = DB_NAME;
-+ } else { // Upgrade from 1.3.x
-+ $valdatabase = 'ocsweb';
-+ }
- }
-
- if( ! $instOk ) {
-@@ -113,7 +135,7 @@ if( ! $instOk ) {
- $name_field=array("name","pass","database","host");
- $tab_name= array($l->g(247).": ",$l->g(248).": ",$l->g(1233).":",$l->g(250).":");
- $type_field= array(0,4,0,0);
-- $value_field=array($valNme,$valPass,(isset($valdatabase) && $valdatabase!= 'DB_NAME'? $valdatabase: "ocsweb"),$valServ);
-+ $value_field=array($valNme,$valPass,$valdatabase,$valServ);
-
- $tab_typ_champ=show_field($name_field,$type_field,$value_field);
- tab_modif_values($tab_name,$tab_typ_champ,$tab_hidden,$title="",$comment="",$name_button="INSTALL",$showbutton='BUTTON',$form_name);
diff --git a/ocsinventory.spec b/ocsinventory.spec
index 9bded84..5b32e60 100644
--- a/ocsinventory.spec
+++ b/ocsinventory.spec
@@ -11,8 +11,8 @@
Name: ocsinventory
Summary: Open Computer and Software Inventory Next Generation
-Version: 2.0.2
-Release: 1%{?dist}.3
+Version: 2.0.3
+Release: 1%{?dist}
Group: Applications/Internet
License: GPLv2
@@ -22,12 +22,8 @@ URL: http://www.ocsinventory-ng.org/
Source0: http://launchpad.net/ocsinventory-server/stable-2.0/%{version}/+download/%{tarname}-%{version}.tar.gz
Source1: ocsinventory-reports.conf
-# Manage upgrade from 1.3.x
-# http://bazaar.launchpad.net/~ocsinventory-core/ocsinventory-ocsreports/stable-2.0/revision/794
-Patch0: %{name}-upgrade.patch
-# Use CONF_MYSQL everywhere
-# http://bazaar.launchpad.net/~ocsinventory-core/ocsinventory-ocsreports/stable-2.0/revision/796
-Patch1: %{name}-dbconf.patch
+# s/mysql_escape_string/mysql_real_escape_string/
+Patch0: %{name}-deprecated.patch
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -136,7 +132,6 @@ navigateur favori.
%setup -q -n %{tarname}-%{version}
%patch0 -p0
-%patch1 -p0
chmod -x binutils/ocs-errors
@@ -320,6 +315,11 @@ fi
%changelog
+* Mon Nov 28 2011 Remi Collet <Fedora@famillecollet.com> - 2.0.3-1
+- update to 2.0.3
+- drop patches merged upstream
+- add patch for mysql_escape_string calls
+
* Mon Oct 31 2011 Remi Collet <Fedora@famillecollet.com> - 2.0.2-1.3
- provides external-agents.conf (OCS_OPT_EXT_USERAGENTS_FILE_PATH)