[php-nusoap] * Thu Sep 02 2010 David Nalley <david at gnsa.us> 0.9.5-1 - moved to version 0.9.5 to follow upstream -
David Nalley
ke4qqq at fedoraproject.org
Fri Sep 3 03:02:56 UTC 2010
commit ed7bc7778b2545f4371961447478456931bed940
Author: David Nalley <david at gnsa.us>
Date: Thu Sep 2 23:02:43 2010 -0400
* Thu Sep 02 2010 David Nalley <david at gnsa.us> 0.9.5-1
- moved to version 0.9.5 to follow upstream
- patched XSS security vulnerability (thanks to David Hicks <hickseydr at optusnet.com.au> from MantisBT community) BZ# 629585
nusoap.xss.patch | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 89 insertions(+), 0 deletions(-)
---
diff --git a/nusoap.xss.patch b/nusoap.xss.patch
new file mode 100644
index 0000000..a03bf2e
--- /dev/null
+++ b/nusoap.xss.patch
@@ -0,0 +1,89 @@
+--- lib/class.wsdl.php 2010-04-26 16:38:08.000000000 -0400
++++ lib.new/class.wsdl.php 2010-09-02 22:27:53.963411943 -0400
+@@ -842,9 +842,9 @@
+ <body>
+ <div class=content>
+ <br><br>
+- <div class=title>'.$this->serviceName.'</div>
++ <div class=title>'.htmlentities($this->serviceName).'</div>
+ <div class=nav>
+- <p>View the <a href="'.$PHP_SELF.'?wsdl">WSDL</a> for the service.
++ <p>View the <a href="'.htmlentities($PHP_SELF).'?wsdl">WSDL</a> for the service.
+ Click on an operation name to view it's details.</p>
+ <ul>';
+ foreach($this->getOperations() as $op => $data){
+@@ -854,21 +854,21 @@
+ <a href='#' onclick='popout()'><font color='#ffffff'>Close</font></a><br><br>";
+ foreach($data as $donnie => $marie){ // loop through opdata
+ if($donnie == 'input' || $donnie == 'output'){ // show input/output data
+- $b .= "<font color='white'>".ucfirst($donnie).':</font><br>';
++ $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).':</font><br>';
+ foreach($marie as $captain => $tenille){ // loop through data
+ if($captain == 'parts'){ // loop thru parts
+- $b .= " $captain:<br>";
++ $b .= " ".htmlentities($captain).":<br>";
+ //if(is_array($tenille)){
+ foreach($tenille as $joanie => $chachi){
+- $b .= " $joanie: $chachi<br>";
++ $b .= " ".htmlentities($joanie).": ".htmlentities($chachi)."<br>";
+ }
+ //}
+ } else {
+- $b .= " $captain: $tenille<br>";
++ $b .= " ".htmlentities($captain).": ".htmlentities($tenille)."<br>";
+ }
+ }
+ } else {
+- $b .= "<font color='white'>".ucfirst($donnie).":</font> $marie<br>";
++ $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).":</font> ".htmlentities($marie)."<br>";
+ }
+ }
+ $b .= '</div>';
+@@ -1935,4 +1935,4 @@
+ }
+ }
+
+-?>
+\ No newline at end of file
++?>
+--- lib/nusoap.php 2010-04-26 16:38:08.000000000 -0400
++++ lib.new/nusoap.php 2010-09-02 22:40:38.277661391 -0400
+@@ -5424,9 +5424,9 @@
+ <body>
+ <div class=content>
+ <br><br>
+- <div class=title>'.$this->serviceName.'</div>
++ <div class=title>'.htmlentities($this->serviceName).'</div>
+ <div class=nav>
+- <p>View the <a href="'.$PHP_SELF.'?wsdl">WSDL</a> for the service.
++ <p>View the <a href="'.htmlentities($PHP_SELF).'?wsdl">WSDL</a> for the service.
+ Click on an operation name to view it's details.</p>
+ <ul>';
+ foreach($this->getOperations() as $op => $data){
+@@ -5436,21 +5436,21 @@
+ <a href='#' onclick='popout()'><font color='#ffffff'>Close</font></a><br><br>";
+ foreach($data as $donnie => $marie){ // loop through opdata
+ if($donnie == 'input' || $donnie == 'output'){ // show input/output data
+- $b .= "<font color='white'>".ucfirst($donnie).':</font><br>';
++ $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).':</font><br>';
+ foreach($marie as $captain => $tenille){ // loop through data
+ if($captain == 'parts'){ // loop thru parts
+- $b .= " $captain:<br>";
++ $b .= " ".htmlentities($captain).":<br>";
+ //if(is_array($tenille)){
+ foreach($tenille as $joanie => $chachi){
+- $b .= " $joanie: $chachi<br>";
++ $b .= " ".htmlentities($joanie).": ".htmlentities($chachi)."<br>";
+ }
+ //}
+ } else {
+- $b .= " $captain: $tenille<br>";
++ $b .= " ".htmlentities($captain).": ".htmlentities($tenille)."<br>";
+ }
+ }
+ } else {
+- $b .= "<font color='white'>".ucfirst($donnie).":</font> $marie<br>";
++ $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).":</font> ".htmlentities($marie)."<br>";
+ }
+ }
+ $b .= '</div>';
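Review bot: The `htmlentities()` calls added to the WSDL documentation page in `lib/class.wsdl.php` (and repeated identically in `lib/nusoap.php`) rely on the default flags and charset, which on PHP releases of this era means `ENT_COMPAT` and ISO-8859-1, so single quotes pass through unescaped and multi-byte UTF-8 text from a WSDL would be mangled. The patched values land in text nodes and one double-quoted `href`, so the defaults are sufficient for these exact spots, but the surrounding markup uses single-quoted attributes; an explicit form such as `htmlspecialchars($this->serviceName, ENT_QUOTES, 'UTF-8')` (assuming the page is served as UTF-8) would remain safe if a value is later moved into one. The lines between the two inner hunks, where the `foreach` over `getOperations()` presumably emits `$op`, are not part of the patch, so it is worth confirming that the operation name is escaped there as well. If `$tenille` or `$marie` can be an array in the `else` branches, `htmlentities()` will raise a warning and yield nothing where the old interpolation printed `Array`, so a scalar check before the call would keep the page rendering.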