Attached are the patches I have prepared that backports the fixes of these vulnerabilities to the version in sarge (4.52-1).
They're really attached this time. -- Cameron Dale
diff -Nur libphp-adodb-4.52/build-tree/adodb/server.php libphp-adodb-4.52.new/build-tree/adodb/server.php --- libphp-adodb-4.52/build-tree/adodb/server.php 2004-07-06 01:32:26.000000000 -0700 +++ libphp-adodb-4.52.new/build-tree/adodb/server.php 2006-03-24 15:32:39.000000000 -0800 @@ -26,7 +26,7 @@ * Define the IP address you want to accept requests from * as a security measure. If blank we accept anyone promisciously! */ -$ACCEPTIP = ''; +$ACCEPTIP = '127.0.0.1'; /* * Connection parameters @@ -34,7 +34,7 @@ $driver = 'mysql'; $host = 'localhost'; // DSN for odbc $uid = 'root'; -$pwd = ''; +$pwd = 'garbage-it-is'; $database = 'test'; /*============================ DO NOT MODIFY BELOW HERE =================================*/ @@ -67,13 +67,15 @@ $remote = $HTTP_SERVER_VARS["REMOTE_ADDR"]; -if (empty($HTTP_GET_VARS['sql'])) err('No SQL'); if (!empty($ACCEPTIP)) if ($remote != '127.0.0.1' && $remote != $ACCEPTIP) err("Unauthorised client: '$remote'"); +if (empty($HTTP_GET_VARS['sql'])) err('No SQL'); + + $conn = &ADONewConnection($driver); if (!$conn->Connect($host,$uid,$pwd,$database)) err($conn->ErrorNo(). $sep . $conn->ErrorMsg()); @@ -95,4 +97,4 @@ } else err($conn->ErrorNo(). $sep .$conn->ErrorMsg()); -?> \ No newline at end of file +?>
diff -Nur libphp-adodb-4.52/build-tree/adodb/tests/tmssql.php libphp-adodb-4.52.new/build-tree/adodb/tests/tmssql.php --- libphp-adodb-4.52/build-tree/adodb/tests/tmssql.php 2003-04-15 04:36:28.000000000 -0700 +++ libphp-adodb-4.52.new/build-tree/adodb/tests/tmssql.php 2006-03-24 15:41:04.000000000 -0800 @@ -53,6 +53,16 @@ $rs = $conn->Execute('delete from tester'); print "date=".$conn->GetOne('select getdate()')."<br>"; } + + +$ACCEPTIP = '127.0.0.1'; + +$remote = $HTTP_SERVER_VARS["REMOTE_ADDR"]; + +if (!empty($ACCEPTIP)) + if ($remote != '127.0.0.1' && $remote != $ACCEPTIP) + die("Unauthorised client: '$remote'"); + ?> <a href=tmssql.php?do=tmssql>mssql</a> <a href=tmssql.php?do=tpear>pear</a> @@ -60,6 +70,11 @@ <?php if (!empty($_GET['do'])) { $do = $_GET['do']; - $do(); + switch($do) { + case 'tpear': + case 'tadodb': + case 'tmssql': + $do(); + } } -?> \ No newline at end of file +?>
diff -Nur libphp-adodb-4.52/build-tree/adodb/drivers/adodb-postgres64.inc.php libphp-adodb-4.52.new/build-tree/adodb/drivers/adodb-postgres64.inc.php --- libphp-adodb-4.52/build-tree/adodb/drivers/adodb-postgres64.inc.php 2004-08-10 01:26:27.000000000 -0700 +++ libphp-adodb-4.52.new/build-tree/adodb/drivers/adodb-postgres64.inc.php 2006-03-24 15:49:22.000000000 -0800 @@ -214,7 +214,7 @@ return $ret; } - /* + // if magic quotes disabled, use pg_escape_string() function qstr($s,$magic_quotes=false) { @@ -223,7 +223,7 @@ return "'".pg_escape_string($s)."'"; } if ($this->replaceQuote[0] == '\\'){ - $s = adodb_str_replace(array('\\',"\0"),array('\\\\',"\\\0"),$s); + $s = adodb_str_replace(array('\\',"\0"),array('\\\\',"\\\\000"),$s); } return "'".str_replace("'",$this->replaceQuote,$s)."'"; } @@ -232,7 +232,7 @@ $s = str_replace('\\"','"',$s); return "'$s'"; } - */ + // Format date column in sql string given an input format that understands Y M D
signature.asc
Description: Digital signature