[wordpress/f14/master] Fix for BZ 666782.
Jon Ciesla
limb at fedoraproject.org
Tue Jan 11 16:58:46 UTC 2011
commit 498511599be3000ff2bea796c05aafbc8bd316e6
Author: Jon Ciesla <limb at jcomserv.net>
Date: Tue Jan 11 10:55:45 2011 -0600
Fix for BZ 666782.
wordpress-2.8.6-r17172.patch | 92 ++++++++++++++++++++++++++++++++++++++++++
wordpress.spec | 8 +++-
2 files changed, 99 insertions(+), 1 deletions(-)
---
diff --git a/wordpress-2.8.6-r17172.patch b/wordpress-2.8.6-r17172.patch
new file mode 100644
index 0000000..b78b7ae
--- /dev/null
+++ b/wordpress-2.8.6-r17172.patch
@@ -0,0 +1,92 @@
+diff -r -U2 wordpress.orig/wp-includes/formatting.php wordpress/wp-includes/formatting.php
+--- wordpress.orig/wp-includes/formatting.php 2009-11-11 17:10:13.000000000 -0600
++++ wordpress/wp-includes/formatting.php 2011-01-11 10:34:13.970920002 -0600
+@@ -2092,6 +2092,7 @@
+ // Replace ampersands and single quotes only when displaying.
+ if ( 'display' == $context ) {
+- $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
+- $url = str_replace( "'", ''', $url );
++ $url = wp_kses_normalize_entities( $url );
++ $url = str_replace( '&', '&', $url );
++ $url = str_replace( "'", ''', $url );
+ }
+
+diff -r -U2 wordpress.orig/wp-includes/kses.php wordpress/wp-includes/kses.php
+--- wordpress.orig/wp-includes/kses.php 2009-07-08 04:53:22.000000000 -0500
++++ wordpress/wp-includes/kses.php 2011-01-11 10:47:04.468920001 -0600
+@@ -534,5 +534,5 @@
+ }
+
+- if ( $arreach['name'] == 'style' ) {
++ if ( strtolower($arreach['name']) == 'style' ) {
+ $orig_value = $arreach['value'];
+
+@@ -626,5 +626,5 @@
+ {
+ $thisval = $match[1];
+- if ( in_array($attrname, $uris) )
++ if ( in_array(strtolower($attrname), $uris) )
+ $thisval = wp_kses_bad_protocol($thisval, $allowed_protocols);
+
+@@ -642,5 +642,5 @@
+ {
+ $thisval = $match[1];
+- if ( in_array($attrname, $uris) )
++ if ( in_array(strtolower($attrname), $uris) )
+ $thisval = wp_kses_bad_protocol($thisval, $allowed_protocols);
+
+@@ -658,5 +658,5 @@
+ {
+ $thisval = $match[1];
+- if ( in_array($attrname, $uris) )
++ if ( in_array(strtolower($attrname), $uris) )
+ $thisval = wp_kses_bad_protocol($thisval, $allowed_protocols);
+
+@@ -882,12 +882,7 @@
+ */
+ function wp_kses_bad_protocol_once($string, $allowed_protocols) {
+- global $_kses_allowed_protocols;
+- $_kses_allowed_protocols = $allowed_protocols;
+-
+- $string2 = preg_split('/:|:|:/i', $string, 2);
+- if ( isset($string2[1]) && !preg_match('%/\?%', $string2[0]) )
+- $string = wp_kses_bad_protocol_once2($string2[0]) . trim($string2[1]);
+- else
+- $string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', 'wp_kses_bad_protocol_once2', $string);
++ $string2 = preg_split( '/:|�*58;|�*3a;/i', $string, 2 );
++ if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) )
++ $string = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols ) . trim( $string2[1] );
+
+ return $string;
+@@ -903,19 +898,9 @@
+ * @since 1.0.0
+ *
+- * @param mixed $matches string or preg_replace_callback() matches array to check for bad protocols
++ * @param string $string URI scheme to check against the whitelist
++ * @param string $allowed_protocols Allowed protocols
+ * @return string Sanitized content
+ */
+-function wp_kses_bad_protocol_once2($matches) {
+- global $_kses_allowed_protocols;
+-
+- if ( is_array($matches) ) {
+- if ( ! isset($matches[1]) || empty($matches[1]) )
+- return '';
+-
+- $string = $matches[1];
+- } else {
+- $string = $matches;
+- }
+-
++function wp_kses_bad_protocol_once2( $string, $allowed_protocols ) {
+ $string2 = wp_kses_decode_entities($string);
+ $string2 = preg_replace('/\s/', '', $string2);
+@@ -926,6 +911,6 @@
+
+ $allowed = false;
+- foreach ( (array) $_kses_allowed_protocols as $one_protocol)
+- if (strtolower($one_protocol) == $string2) {
++ foreach ( (array) $allowed_protocols as $one_protocol )
++ if ( strtolower($one_protocol) == $string2 ) {
+ $allowed = true;
+ break;
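Review bot: The new docblock for wp_kses_bad_protocol_once2 in the kses.php part declares `@param string $allowed_protocols`, but the body casts it with `(array) $allowed_protocols` and iterates over it, so the tag should read `@param array $allowed_protocols Allowed protocols`. The same function changes from a one-argument preg_replace_callback handler to a two-argument function, so any caller outside this patch that still passes it as a callback would need checking; none is visible here, and the function bodies are only partly shown in the embedded hunks. The scheme comparison `strtolower($one_protocol) == $string2` decides what passes the allowlist and would be stricter as `===`. Separately, the entity literals in the formatting.php lines and the preg_split patterns appear to have been decoded by the archive rendering (as shown, `str_replace( '&', '&', $url )` is a no-op), so check these lines against the patch file in the package repository before reusing them.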
diff --git a/wordpress.spec b/wordpress.spec
index e3d1adf..6d98d00 100644
--- a/wordpress.spec
+++ b/wordpress.spec
@@ -3,13 +3,15 @@ URL: http://www.wordpress.org
Name: wordpress
Version: 2.8.6
Group: Applications/Publishing
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPLv2
Source0: http://wordpress.org/%{name}-%{version}.tar.gz
Source1: wordpress-httpd-conf
Source2: README.fedora.wordpress
Patch0: wordpress-2.8.6-r16625.patch
Patch1: wordpress-debian_patches_hello.patch
+Patch2: wordpress-2.8.6-r17172.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: php >= 4.1.0, webserver, php-mysql
BuildArch: noarch
@@ -23,6 +25,7 @@ almost trivial, to get information out to people on the web.
%patch0 -p0 -b .16625
%patch1 -p1 -b .dolly
+%patch2 -p1 -b .17172
# disable wp_version_check, updates are always installed via rpm
sed -i -e "s,\(.*\)'wp_version_check'\(.*\),#\1'wp_version_check'\2,g" \
@@ -87,6 +90,9 @@ rm -rf ${RPM_BUILD_ROOT}
%dir %{_sysconfdir}/wordpress
%changelog
+* Mon Jan 03 2011 Jon Ciesla <limb at jcomserv.net> - 2.8.6-4
+- Patch for security vulnerability, BZ 666782.
+
* Thu Dec 23 2010 Jon Ciesla <limb at jcomserv.net> - 2.8.6-3
- Change Requires from httpd to webserver, BZ 523480.
- Patch for Hello Dolly lyrics, BZ 663966.