From 8e234a05a233440706891984a170cbd5008c80e7 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Mon, 28 Nov 2011 18:09:06 +0100
Subject: ocsinventory 2.0.3

---
 ocsinventory-dbconf.patch     | 88 -------------------------------------------
 ocsinventory-deprecated.patch | 78 ++++++++++++++++++++++++++++++++++++++
 ocsinventory-reports.conf     |  9 -----
 ocsinventory-upgrade.patch    | 49 ------------------------
 ocsinventory.spec             | 18 ++++-----
 5 files changed, 87 insertions(+), 155 deletions(-)
 delete mode 100644 ocsinventory-dbconf.patch
 create mode 100644 ocsinventory-deprecated.patch
 delete mode 100644 ocsinventory-upgrade.patch

diff --git a/ocsinventory-dbconf.patch b/ocsinventory-dbconf.patch
deleted file mode 100644
index 2312f8a..0000000
--- a/ocsinventory-dbconf.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-diff -up ocsreports/install.php.var ocsreports/install.php
---- ocsreports/install.php.var	2011-10-31 08:42:38.914660647 +0100
-+++ ocsreports/install.php	2011-10-31 08:44:55.353669573 +0100
-@@ -96,9 +96,9 @@ if( isset($_POST["name"])) {
- 		else
- 			$instOk = true;
- }
--if( $hnd = @fopen("dbconfig.inc.php", "r") ) {
-+if( $hnd = @fopen(CONF_MYSQL, "r") ) {
- 		fclose($hnd);
--		require("dbconfig.inc.php");
-+		require(CONF_MYSQL);
-                 if (defined('COMPTE_BASE')) {			// Upgrade from 2.0.x
- 	                $valNme = COMPTE_BASE;
-                 } else if (isset($_SESSION["COMPTE_BASE"])) { 	// Upgrade from 1.3.x
-@@ -188,7 +188,7 @@ if($_POST["fin"]=="fin") {
- 											. "</b><br></font></center>";
- 		
- 		echo "<br><center><font color=red><b>" . $l->g(2065) . "</b></font></center>";
--		unlink("dbconfig.inc.php");
-+		unlink(CONF_MYSQL);
- 	}
- 	else {
- 		msg_success("<b>" . $l->g(2050) . "</b><br><br><b><a href='index.php'>" . $l->g(2051) . "</a></b>");
-@@ -197,7 +197,7 @@ if($_POST["fin"]=="fin") {
- }
- 
- 
--if(!$ch = @fopen("dbconfig.inc.php","w")) {
-+if(!$ch = @fopen(CONF_MYSQL,"w")) {
- 	echo "<br><center><font color=red><b>" . $l->g(2052) . "</b></font></center>";
- 	die();
- }
-@@ -424,7 +424,7 @@ if( ! $erralter ) {
- 	
- if($nberr) {
- 	echo "<br><center><font color=red><b>" . $l->g(2065) . "</b></font></center>";
--	unlink("dbconfig.inc.php");
-+	unlink(CONF_MYSQL);
- 	die();
- }
- $nberr=0;
-@@ -469,7 +469,7 @@ foreach($filenames as $fil) {
- 												   " " . $l->g(2068) . 
- 												   "</b></font></center>";
- 				echo "<br><center><font color=red><b>" . $l->g(2065) . "</b></font></center>";
--				unlink("dbconfig.inc.php");
-+				unlink(CONF_MYSQL);
- 				die();
- 			} 
- 			echo "<br><center><font color=red><b>" . $l->g(2001) . 
-@@ -505,7 +505,7 @@ else
- 
- if($nberr) {
- 	echo "<br><center><font color=red><b>" . $l->g(2065) . "</b></font></center>";
--	unlink("dbconfig.inc.php");
-+	unlink(CONF_MYSQL);
- 	die();
- }
- 
-diff -up ocsreports/require/header.php.var ocsreports/require/header.php
---- ocsreports/require/header.php.var	2011-10-31 08:42:31.249548540 +0100
-+++ ocsreports/require/header.php	2011-10-31 08:43:52.704407954 +0100
-@@ -25,7 +25,6 @@ if(substr($_SERVER['DOCUMENT_ROOT'],-1) 
- }else{
- 	define("DOCUMENT_ROOT",$_SERVER['DOCUMENT_ROOT']);
- }
--//echo DOCUMENT_ROOT."<br>".DOCUMENT_REAL_ROOT;
- //print_r($_SERVER);
- 
- if ($_SESSION['OCS']['LOG_GUI'] == 1){	
-@@ -72,14 +71,14 @@ if (isset($_POST['LOGOUT']) and $_POST['
- }
- 
- /***************************************************** First installation checking *********************************************************/
--if( (!$fconf=@fopen("dbconfig.inc.php","r")) 
-+if( (!$fconf=@fopen(CONF_MYSQL,"r")) 
- 		|| (!function_exists('session_start')) 
- 		|| (!function_exists('mysql_connect')) ) {
- 	require('install.php');	
- 	die();
- }
- else{	
--	require_once('dbconfig.inc.php');
-+	require_once(CONF_MYSQL);
- 	fclose($fconf);
- }
- 
diff --git a/ocsinventory-deprecated.patch b/ocsinventory-deprecated.patch
new file mode 100644
index 0000000..de46c86
--- /dev/null
+++ b/ocsinventory-deprecated.patch
@@ -0,0 +1,78 @@
+diff -up ocsreports/plugins/main_sections/ms_dict/ms_dict.php.orig ocsreports/plugins/main_sections/ms_dict/ms_dict.php
+--- ocsreports/plugins/main_sections/ms_dict/ms_dict.php.orig	2011-11-28 17:54:50.000000000 +0100
++++ ocsreports/plugins/main_sections/ms_dict/ms_dict.php	2011-11-28 17:55:45.000000000 +0100
+@@ -37,8 +37,8 @@ if ($protectedPost['RESET']=="RESET")
+ unset($protectedPost['search']);
+ //filtre
+ if ($protectedPost['search']){
+-	$search_cache=" and cache.name like '%".mysql_escape_string($protectedPost['search'])."%' ";
+-	$search_count=" and extracted like '%".mysql_escape_string($protectedPost['search'])."%' ";
++	$search_cache=" and cache.name like '%".mysql_real_escape_string($protectedPost['search'])."%' ";
++	$search_count=" and extracted like '%".mysql_real_escape_string($protectedPost['search'])."%' ";
+ }
+ else{
+ 	$search="";
+@@ -123,7 +123,7 @@ if ($protectedPost['onglet'] == 'CAT'){
+ 		} 
+ 		$querydico=substr($querydico,0,-1);
+ 		$querydico .= " from dico_soft left join ".$table." cache on dico_soft.extracted=cache.name
+-				 where formatted='".mysql_escape_string($list_cat[$protectedPost['onglet_soft']])."' ".$search_count." group by EXTRACTED";
++				 where formatted='".mysql_real_escape_string($list_cat[$protectedPost['onglet_soft']])."' ".$search_count." group by EXTRACTED";
+ }
+ /*******************************************************CAS OF NEW*******************************************************/
+ if ($protectedPost['onglet'] == 'NEW'){
+@@ -311,4 +311,4 @@ echo "<input type='hidden' name='RESET' 
+ echo "<input type='hidden' name='TRANS' id='TRANS' value=''>";
+ echo "<input type='hidden' name='SUP_CAT' id='SUP_CAT' value=''>";
+ echo "</form>";
+-?>
+\ Pas de fin de ligne à la fin du fichier.
++?>
+diff -up ocsreports/require/function_dico.php.orig ocsreports/require/function_dico.php
+--- ocsreports/require/function_dico.php.orig	2011-11-28 17:56:55.000000000 +0100
++++ ocsreports/require/function_dico.php	2011-11-28 17:57:01.000000000 +0100
+@@ -46,7 +46,7 @@ function trans($onglet,$list_soft,$affec
+ 	$table="softwares";
+ 	//verif is this cat exist
+ 	if ($new_cat != ''){
+-		$sql_verif="select extracted from dico_soft where formatted ='".mysql_escape_string($new_cat)."'";
++		$sql_verif="select extracted from dico_soft where formatted ='".mysql_real_escape_string($new_cat)."'";
+ 		$result_search_soft = mysql_query( $sql_verif, $_SESSION['OCS']["readServer"]);
+ 	 	$item_search_soft = mysql_fetch_object($result_search_soft);
+ 	 	if (isset($item_search_soft->extracted) or $new_cat == "IGNORED" or $new_cat == "UNCHANGED"){
+@@ -71,10 +71,10 @@ function trans($onglet,$list_soft,$affec
+ 				}elseif($exist_cat == "UNCHANGED"){
+ 					$sql="insert dico_soft (extracted,formatted) select distinct NAME,NAME from ".$table." where ID in (".implode(",",$list_soft).")";			
+ 				}else
+-					$sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_escape_string($exist_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")";
++					$sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_real_escape_string($exist_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")";
+ 		}else{
+ 		 	if (!isset($already_exist)){
+-		 		$sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_escape_string($new_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")";
++		 		$sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_real_escape_string($new_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")";
+ 		 	}else
+ 		 		echo "<script>alert('".$l->g(771)."')</script>";			
+ 		}
+diff -up ocsreports/require/function_table_html.php.orig ocsreports/require/function_table_html.php
+--- ocsreports/require/function_table_html.php.orig	2011-11-28 17:57:10.000000000 +0100
++++ ocsreports/require/function_table_html.php	2011-11-28 17:57:38.000000000 +0100
+@@ -163,7 +163,7 @@ function escape_string($array){
+ function xml_escape_string($array){
+ 	foreach ($array as $key=>$value){
+ 		$trait_array[$key]=xml_encode($value);
+-		//$trait_array[$key]=mysql_escape_string($value);
++		//$trait_array[$key]=mysql_real_escape_string($value);
+ 	}
+ 	return ($trait_array);
+ }
+@@ -801,8 +801,8 @@ function onglet($def_onglets,$form_name,
+ 	 		 $current=1;
+ 			}
+ 	  	}else{
+-	  		//echo "<script>alert('".mysql_escape_string(stripslashes($protectedPost[$post_name]))." => ".$key."')</script>";
+-			if (mysql_escape_string(stripslashes($protectedPost[$post_name])) === mysql_escape_string(stripslashes($key)) or (!isset($protectedPost[$post_name]) and $current != 1)){
++	  		//echo "<script>alert('".mysql_real_escape_string(stripslashes($protectedPost[$post_name]))." => ".$key."')</script>";
++			if (mysql_real_escape_string(stripslashes($protectedPost[$post_name])) === mysql_real_escape_string(stripslashes($key)) or (!isset($protectedPost[$post_name]) and $current != 1)){
+ 				 echo "id='current'";  
+ 	 			 $current=1;
+ 			}
diff --git a/ocsinventory-reports.conf b/ocsinventory-reports.conf
index 331f5ad..2c2b86c 100644
--- a/ocsinventory-reports.conf
+++ b/ocsinventory-reports.conf
@@ -60,14 +60,5 @@ Alias OCSREPORTS_ALIAS PATH_TO_OCSREPORTS_DIR
 # 
 Alias PACKAGES_ALIAS PATH_TO_PACKAGES_DIR
 
-################################################################################
-# Snmp communities area
-#
-# Alias to put Snmp communities reference file (snmp_com.txt) outside Apache document root directory
-#
-# Uncomment this Alias to allow SNMP discovery feature
-# WARNING this file, with communities definition, will be publicly available
-#Alias SNMP_ALIAS PATH_TO_SNMP_DIR
-
 #</VirtualHost>
 
diff --git a/ocsinventory-upgrade.patch b/ocsinventory-upgrade.patch
deleted file mode 100644
index bd8626a..0000000
--- a/ocsinventory-upgrade.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-diff -up ocsreports/install.php.orig ocsreports/install.php
---- ocsreports/install.php.orig	2011-10-27 18:04:00.011717775 +0200
-+++ ocsreports/install.php	2011-10-27 18:16:38.947261089 +0200
-@@ -99,10 +99,32 @@ if( isset($_POST["name"])) {
- if( $hnd = @fopen("dbconfig.inc.php", "r") ) {
- 		fclose($hnd);
- 		require("dbconfig.inc.php");
--		$valNme = COMPTE_BASE;
--		$valPass = PSWD_BASE;
--		$valServ = SERVER_WRITE;
--		$valdatabase = DB_NAME;
-+                if (defined('COMPTE_BASE')) {			// Upgrade from 2.0.x
-+	                $valNme = COMPTE_BASE;
-+                } else if (isset($_SESSION["COMPTE_BASE"])) { 	// Upgrade from 1.3.x
-+	                $valNme = $_SESSION["COMPTE_BASE"];
-+                } else { 					// Fresh install
-+	                $valNme = '';
-+                }
-+                if (defined('PSWD_BASE')) {	
-+	                $valPass = PSWD_BASE;
-+                } else if (isset($_SESSION["PSWD_BASE"])) {
-+	                $valPass = $_SESSION["PSWD_BASE"];
-+                } else { 
-+	                $valPass = '';
-+                }
-+                if (defined('SERVER_WRITE')) {	
-+	                $valServ = SERVER_WRITE;
-+                } else if (isset($_SESSION["SERVEUR_SQL"])) {
-+	                $valServ = $_SESSION["SERVEUR_SQL"];
-+                } else { 
-+	                $valServ = '';
-+                }
-+                if (defined('DB_NAME')) {	
-+	                $valdatabase = DB_NAME;
-+                } else {                                        // Upgrade from 1.3.x
-+	                $valdatabase = 'ocsweb';
-+                }
- }
- 
- if( ! $instOk ) {
-@@ -113,7 +135,7 @@ if( ! $instOk ) {
- 	$name_field=array("name","pass","database","host");
- 	$tab_name= array($l->g(247).": ",$l->g(248).": ",$l->g(1233).":",$l->g(250).":");
- 	$type_field= array(0,4,0,0);
--	$value_field=array($valNme,$valPass,(isset($valdatabase) && $valdatabase!= 'DB_NAME'? $valdatabase: "ocsweb"),$valServ);
-+	$value_field=array($valNme,$valPass,$valdatabase,$valServ);
- 
- 	$tab_typ_champ=show_field($name_field,$type_field,$value_field);
- 	tab_modif_values($tab_name,$tab_typ_champ,$tab_hidden,$title="",$comment="",$name_button="INSTALL",$showbutton='BUTTON',$form_name);
diff --git a/ocsinventory.spec b/ocsinventory.spec
index 9bded84..5b32e60 100644
--- a/ocsinventory.spec
+++ b/ocsinventory.spec
@@ -11,8 +11,8 @@
 Name:        ocsinventory
 Summary:     Open Computer and Software Inventory Next Generation
 
-Version:     2.0.2
-Release:     1%{?dist}.3
+Version:     2.0.3
+Release:     1%{?dist}
 
 Group:       Applications/Internet
 License:     GPLv2
@@ -22,12 +22,8 @@ URL:         http://www.ocsinventory-ng.org/
 Source0:     http://launchpad.net/ocsinventory-server/stable-2.0/%{version}/+download/%{tarname}-%{version}.tar.gz
 Source1:     ocsinventory-reports.conf
 
-# Manage upgrade from 1.3.x
-# http://bazaar.launchpad.net/~ocsinventory-core/ocsinventory-ocsreports/stable-2.0/revision/794
-Patch0:      %{name}-upgrade.patch
-# Use CONF_MYSQL everywhere
-# http://bazaar.launchpad.net/~ocsinventory-core/ocsinventory-ocsreports/stable-2.0/revision/796
-Patch1:      %{name}-dbconf.patch
+# s/mysql_escape_string/mysql_real_escape_string/
+Patch0:      %{name}-deprecated.patch
 
 BuildArch:   noarch
 BuildRoot:   %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -136,7 +132,6 @@ navigateur favori.
 %setup -q -n %{tarname}-%{version}
 
 %patch0 -p0
-%patch1 -p0
 
 chmod -x binutils/ocs-errors
 
@@ -320,6 +315,11 @@ fi
 
 
 %changelog
+* Mon Nov 28 2011 Remi Collet <Fedora@famillecollet.com> - 2.0.3-1
+- update to 2.0.3
+- drop patches merged upstream
+- add patch for mysql_escape_string calls
+
 * Mon Oct 31 2011 Remi Collet <Fedora@famillecollet.com> - 2.0.2-1.3
 - provides external-agents.conf (OCS_OPT_EXT_USERAGENTS_FILE_PATH)
 
-- 
cgit