Moritz Muehlenhoff wrote:
> On Mon, Sep 10, 2007 at 04:02:14PM -0400, Michael Schultheiss wrote:
> > fixed 441407 2.2.3-1
> > kthxbye
> >
> > Thijs Kinkhorst wrote:
> > > Package: gallery2
> > > Version: 2.1.2-2
> > > Severity: serious
> > > Tags: security
> > >
> > > Hi,
> > >
> > > As you know Gallery 2.2.3 has been released which fixes several
> > > security bugs in the WebDAV and Reupload modules. Could you please
> > > assess whether an update for etch is necessary?
> >
> > I'll check with upstream and let you know.
>
> What's the result?
WebDAV is not in gallery2 2.1.2-2 (the version in etch). Reupload is in gallery2 2.1.2-2 and the attached patch should fix the security issue.

--
----------------------------
Michael Schultheiss
E-mail: [EMAIL PROTECTED]
--- modules/reupload/ReuploadPhotoOption.inc 2007-10-17 13:49:58.000000000 +0000
+++ modules/reupload/ReuploadPhotoOption.inc 2007-10-17 13:51:25.000000000 +0000
@@ -1,9 +1,7 @@
<?php
/*
- * $RCSfile: ReuploadPhotoOption.inc,v $
- *
* Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2006 Bharat Mediratta
+ * Copyright (C) 2000-2007 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -21,15 +19,11 @@
*/
/**
- * @version $Revision: 1.1 $ $Date: 2006/01/27 04:36:04 $
+ * This ItemEditOption will handle the reupload of a photo
* @package Reupload
+ * @subpackage UserInterface
* @author Piotr P. Karwasz <[EMAIL PROTECTED]>
- */
-
-/**
- * This controller will handle the reupload of a photo
- *
- * @package Reupload
+ * @version $Revision: 16994 $
*/
class ReuploadPhotoOption extends ItemEditOption {
@@ -40,26 +34,33 @@
global $gallery;
$platform =& $gallery->getPlatform();
- $status = array();
- $error = array();
+ $status = $error = array();
if (!empty($form['tmp_name']['reupload']) && !empty($form['size']['reupload'])) {
$inputFileName = $form['tmp_name']['reupload'];
list ($ret, $module) = GalleryCoreApi::loadPlugin('module', 'reupload');
if ($ret) {
- return array($ret->wrap(__FILE__, __LINE__), null, null);
+ return array($ret, null, null);
}
if (!$platform->is_uploaded_file($inputFileName)
|| !$platform->file_exists($inputFileName)) {
- return array(GalleryCoreApi::error(ERROR_BAD_PARAMETER, __FILE__, __LINE__),
- null, null);
+ return array(GalleryCoreApi::error(ERROR_BAD_PARAMETER), null, null);
+ }
+
+ list ($ret, $hasLinkedEntity) = $this->_hasLinkedEntity($item);
+ if ($ret) {
+ return array($ret, null, null);
+ }
+ if ($hasLinkedEntity) {
+ /* UI does not allow this */
+ return array(GalleryCoreApi::error(ERROR_BAD_PARAMETER), null, null);
}
list ($ret, $path) = $item->fetchPath();
if ($ret) {
- return array($ret->wrap(__FILE__, __LINE__), null, null);
+ return array($ret, null, null);
}
/*
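Review bot: The new `_hasLinkedEntity($item)` check in this hunk runs before the read/write locks are taken and before the `$item->refresh()` added in the next hunk, so the linked state is evaluated on a possibly stale item and can change between the check and the copy over `$path`. Re-evaluating `_hasLinkedEntity` on the refreshed item under the write lock, before the backup/copy sequence, would close that window; the early check can stay as a cheap reject. Since the template change only hides the form, this server-side rejection is the actual guard and deserves a comment saying so, e.g. `/* Reject server-side too: the template only hides the form, and overwriting a data file shared with other items would change those items as well */` in place of `/* UI does not allow this */`. The enclosing method starts before this hunk.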
@@ -68,31 +69,33 @@
*/
list ($ret, $lockIds[]) = GalleryCoreApi::acquireReadLockParents($item->getId());
if ($ret) {
- return array($ret->wrap(__FILE__, __LINE__), null, null);
+ return array($ret, null, null);
}
list ($ret, $lockIds[]) = GalleryCoreApi::acquireWriteLock($item->getId());
if ($ret) {
- return array($ret->wrap(__FILE__, __LINE__), null, null);
+ return array($ret, null, null);
+ }
+ list ($ret, $item) = $item->refresh();
+ if ($ret) {
+ GalleryCoreApi::releaseLocks($lockIds);
+ return array($ret, null, null);
}
/* take backup first */
$tmpfname = $platform->tempnam($gallery->getConfig('data.gallery.tmp'), 'tmp_');
if (!$tmpfname) {
GalleryCoreApi::releaseLocks($lockIds);
- return array(GalleryCoreApi::error(ERROR_PLATFORM_FAILURE, __FILE__, __LINE__),
- null, null);
+ return array(GalleryCoreApi::error(ERROR_PLATFORM_FAILURE), null, null);
}
if (!$platform->copy($path, $tmpfname)) {
$platform->unlink($tmpfname);
GalleryCoreApi::releaseLocks($lockIds);
- return array(GalleryCoreApi::error(ERROR_PLATFORM_FAILURE, __FILE__, __LINE__),
- null, null);
+ return array(GalleryCoreApi::error(ERROR_PLATFORM_FAILURE), null, null);
}
if (!$platform->copy($inputFileName, $path)) {
$platform->unlink($tmpfname);
GalleryCoreApi::releaseLocks($lockIds);
- return array(GalleryCoreApi::error(ERROR_PLATFORM_FAILURE, __FILE__, __LINE__),
- null, null);
+ return array(GalleryCoreApi::error(ERROR_PLATFORM_FAILURE), null, null);
}
$ret = $item->rescan();
@@ -113,19 +116,19 @@
$platform->copy($tmpfname, $path);
$platform->unlink($tmpfname);
GalleryCoreApi::releaseLocks($lockIds);
- return array($ret->wrap(__FILE__, __LINE__), null, null);
+ return array($ret, null, null);
}
$platform->unlink($tmpfname);
$ret = GalleryCoreApi::releaseLocks($lockIds);
if ($ret) {
- return array($ret->wrap(__FILE__, __LINE__), null, null);
+ return array($ret, null, null);
}
$ret = GalleryCoreApi::invalidateDerivativeDimensionsBySourceIds(
array($item->getId()));
if ($ret) {
- return array($ret->wrap(__FILE__, __LINE__), null, null);
+ return array($ret, null, null);
}
$status[] = $module->translate('Reuploaded file successfully.');
@@ -148,7 +151,7 @@
function loadTemplate(&$template, &$form, $item, $thumbnail) {
list ($ret, $module) = GalleryCoreApi::loadPlugin('module', 'reupload');
if ($ret) {
- return array($ret->wrap(__FILE__, __LINE__), null, null);
+ return array($ret, null, null);
}
if ($template->hasVariable('ItemAdmin')) {
@@ -178,22 +181,44 @@
'arg1' => (int)($maxFileSize / (1024))));
}
+ list ($ret, $hasLinkedEntity) = $this->_hasLinkedEntity($item);
+ if ($ret) {
+ return array($ret, null, null);
+ }
+
$template->setVariable('ReuploadPhotoOption',
array('maxFileSize' => $maxFileSize,
- 'uploadsPermitted' => $fileUploadsBool));
-
+ 'uploadsPermitted' => $fileUploadsBool,
+ 'hasLinkedEntity' => $hasLinkedEntity));
- return array(null,
- 'modules/reupload/templates/ReuploadPhotoOption.tpl',
- 'modules_reupload');
+ return array(null, 'modules/reupload/templates/ReuploadPhotoOption.tpl',
+ 'modules_reupload');
}
/**
* @see ItemEditOption::isAppropriate
*/
function isAppropriate($item, $thumbnail) {
- return array(null,
- GalleryUtilities::isA($item, 'GalleryPhotoItem'));
+ return array(null, GalleryUtilities::isA($item, 'GalleryPhotoItem'));
+ }
+
+ /**
+ * Determine if item is part of a linked(replica) set.
+ * @param GalleryItem $item
+ * @return array GalleryStatus a status code
+ * bool true if linked
+ * @access private
+ */
+ function _hasLinkedEntity($item) {
+ $hasLink = $item->isLinked();
+ if (!$hasLink) {
+ list ($ret, $linkedIds) = GalleryCoreApi::fetchEntitiesLinkedTo($item->getId());
+ if ($ret) {
+ return array($ret, null);
+ }
+ $hasLink = !empty($linkedIds);
+ }
+ return array(null, $hasLink);
}
}
?>
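Review bot: `_hasLinkedEntity` combines two different relations without saying so: `$item->isLinked()` appears to cover the case where this item uses another item's data file, and `fetchEntitiesLinkedTo` the reverse, where other items use this one's; a one-line comment such as `/* Linked in either direction: this item borrows another's data file, or other items borrow ours */` above the `isLinked()` call would make that explicit. The `@return` docblock lists the two tuple elements on separate lines with no structural hint; `@return array (GalleryStatus $status, bool $isLinked)` reads more clearly. In `loadTemplate` the flag only feeds the template conditional, so the rejection in the request handler remains the real enforcement — worth a short note next to the `'hasLinkedEntity'` template variable so a later edit does not treat the template check as sufficient.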
--- modules/reupload/templates/ReuploadPhotoOption.tpl 2007-10-17 13:49:58.000000000 +0000
+++ modules/reupload/templates/ReuploadPhotoOption.tpl 2007-10-17 13:51:25.000000000 +0000
@@ -1,5 +1,5 @@
{*
- * $Revision: 1.2 $
+ * $Revision: 16994 $
* If you want to customize this file, do not edit it directly since future upgrades
* may overwrite it. Instead, copy it into a new directory called "local" and edit that
* version. Gallery will look for that file first and use it if it exists.
@@ -16,6 +16,9 @@
{g->text text="Upload a new revision of this picture instead of the old one."}
</p>
+ {if $ReuploadPhotoOption.hasLinkedEntity}
+ <b>{g->text text="You cannot reupload this item because it shares its data file with other items."}</b>
+ {else}
{if $ReuploadPhotoOption.maxFileSize != 0}
<p class="giDescription">
{g->text text="<b>Note:</b> The new file cannot be larger than %s. If you want to upload a larger file you must ask your system administrator to allow larger uploads."
@@ -44,4 +47,5 @@
</div>
{/if}
{/if}
+ {/if}
</div>

