Attached is a patch I have prepared that backports the fix of this vulnerability to the version in sarge (4.52-1).
-- Cameron Dale
diff -Nur libphp-adodb-4.52/build-tree/adodb/adodb-pager.inc.php
libphp-adodb-4.52.new/build-tree/adodb/adodb-pager.inc.php
--- libphp-adodb-4.52/build-tree/adodb/adodb-pager.inc.php 2004-08-10
01:26:22.000000000 -0700
+++ libphp-adodb-4.52.new/build-tree/adodb/adodb-pager.inc.php 2006-03-24
15:52:38.000000000 -0800
@@ -60,7 +60,7 @@
global $HTTP_SERVER_VARS,$PHP_SELF,$HTTP_SESSION_VARS,$HTTP_GET_VARS;
$curr_page = $id.'_curr_page';
- if (empty($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
+ if (empty($PHP_SELF)) $PHP_SELF =
htmlspecialchars($HTTP_SERVER_VARS['PHP_SELF']); // htmlspecialchars() to
prevent XSS attacks
$this->sql = $sql;
$this->id = $id;
@@ -70,7 +70,7 @@
$next_page = $id.'_next_page';
if (isset($HTTP_GET_VARS[$next_page])) {
- $HTTP_SESSION_VARS[$curr_page] =
$HTTP_GET_VARS[$next_page];
+ $HTTP_SESSION_VARS[$curr_page] = (integer)
$HTTP_GET_VARS[$next_page];
}
if (empty($HTTP_SESSION_VARS[$curr_page]))
$HTTP_SESSION_VARS[$curr_page] = 1; ## at first page
@@ -284,4 +284,4 @@
}
-?>
\ No newline at end of file
+?>
signature.asc
Description: Digital signature
