** Changed in: mahara/16.04
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1508684

Title:
  Unserialize untrusted data when importing skins

Status in Mahara:
  Fix Committed
Status in Mahara 15.04 series:
  Fix Committed
Status in Mahara 15.10 series:
  Fix Released
Status in Mahara 16.04 series:
  Fix Released

Bug description:
  Version: 1.10, 15.04, 15.10, master
  Platform: any

  There is an unserialize vulnerability in the skin import function.

  See line 200 in htdocs/skin/import.php.

  When importing the attached skin, you will see the error:

  [WAR] ce (lib/web.php:3684) Object of class __PHP_Incomplete_Class could not be converted to string
  Call stack (most recent first):
  log_message("Object of class __PHP_Incomplete_Class could not b...", 8, true, true, "/var/www/mahara/master/htdocs/lib/web.php", 3684) at /var/www/mahara/master/htdocs/lib/errors.php:441
  error(4096, "Object of class __PHP_Incomplete_Class could not b...", "/var/www/mahara/master/htdocs/lib/web.php", 3684, array(size 5)) at /var/www/mahara/master/htdocs/lib/web.php:3684
  clean_css(object(__PHP_Incomplete_Class), true) at /var/www/mahara/master/htdocs/skin/import.php:200
  importskinform_submit(object(Pieform), array(size 4)) at Unknown:0
  call_user_func_array("importskinform_submit", array(size 2)) at /var/www/mahara/master/htdocs/lib/pieforms/pieform.php:537
  Pieform->__construct(array(size 4)) at /var/www/mahara/master/htdocs/lib/pieforms/pieform.php:164
  Pieform::process(array(size 4)) at /var/www/mahara/master/htdocs/lib/pieforms/pieform.php:71
  pieform(array(size 4)) at /var/www/mahara/master/htdocs/skin/import.php:64

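Added example, not part of the bug report and not Mahara's code or its fix: a sketch of how an import routine can decode an untrusted serialized field without instantiating classes, and reject the `__PHP_Incomplete_Class` value that the call stack above shows reaching `clean_css()`. The helper names `decode_skin_field` and `assert_plain_data`, the class name `Injected`, and the assumption that each imported field should hold only scalars or arrays of scalars are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not Mahara's code.
// Assumption: an imported skin field is a PHP-serialized scalar or array of scalars.

function decode_skin_field(string $raw)
{
    // allowed_classes => false (PHP 7.0+) stops unserialize() from instantiating
    // any real class, so no __wakeup()/__destruct() of an application class runs.
    // Serialized objects are returned as __PHP_Incomplete_Class instead.
    $value = @unserialize($raw, ['allowed_classes' => false]);

    // unserialize() returns false on malformed input; distinguish that from a
    // legitimately serialized boolean false.
    if ($value === false && $raw !== serialize(false)) {
        throw new InvalidArgumentException('Field is not valid serialized data');
    }
    assert_plain_data($value);
    return $value;
}

function assert_plain_data($value): void
{
    if (is_array($value)) {
        foreach ($value as $item) {
            assert_plain_data($item);   // objects may be nested inside arrays
        }
        return;
    }
    // Anything that is not a scalar or null here is an object placeholder.
    if (!is_scalar($value) && $value !== null) {
        throw new InvalidArgumentException('Field contains a serialized object');
    }
}

// Constructed sample inputs.
$samples = [
    'css string'    => serialize('body { color: #333; }'),
    'object'        => 'O:8:"Injected":0:{}',
    'nested object' => 'a:1:{i:0;O:8:"Injected":0:{}}',
];
foreach ($samples as $label => $raw) {
    try {
        decode_skin_field($raw);
        echo "$label: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected (" . $e->getMessage() . ")\n";
    }
}
```

Restricting `allowed_classes` alone still hands the caller an object, which is why the type check follows it; a format with no object syntax, such as JSON, avoids the problem at the source.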