On Saturday 02 October 2010 01:06:41 Loui Chang wrote:
On Thu 30 Sep 2010 20:13 +0200, Lukas Fleischer wrote:
On Wed, Sep 29, 2010 at 03:35:24PM +0200, Manuel Tortosa wrote:
This introduces a remote file inclusion vulnerability allowing an
attacker to read arbitrary files since
On Thu 30 Sep 2010 20:13 +0200, Lukas Fleischer wrote:
On Wed, Sep 29, 2010 at 03:35:24PM +0200, Manuel Tortosa wrote:
This introduces a remote file inclusion vulnerability allowing an
attacker to read arbitrary files since $pkgbuild is not validated
before passing it to
On Wed, Sep 29, 2010 at 03:35:24PM +0200, Manuel Tortosa wrote:
This introduces a remote file inclusion vulnerability allowing an
attacker to read arbitrary files since $pkgbuild is not validated
before passing it to file_get_contents().
Don't apply this patch until everything is fixed,
Sorry, the last patch I sent will not work in your implementation as we use /lib
instead of ../lib, this new one will work in your case.
My apologies.
From 10ba3fa656bc4c59fc6d82f67dbed772e900dc47 Mon Sep 17 00:00:00 2001
From: Manuel Tortosa manutort...@gmail.com
Date: Wed, 29 Sep 2010 13:28:49
On Wed, Sep 29, 2010 at 01:38:36PM +0200, Manuel Tortosa wrote:
+// Getting variables
+if (!empty($HTTP_POST_VARS)) extract($HTTP_POST_VARS);
+if (!empty($HTTP_GET_VARS)) extract($HTTP_GET_VARS);
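Review bot: Both extract() calls copy every POST and GET parameter into the current scope under a name the client chooses, and extract() overwrites existing variables by default, so a request can set or replace any variable the script relies on afterwards. Drop the two extract() lines, read only the expected keys explicitly from $_POST and $_GET, and validate each value before use. This is especially important for anything that later ends up in a file path, given the report in this thread that $pkgbuild is passed to file_get_contents() without validation.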
The use of $HTTP_POST_VARS and $HTTP_GET_VARS is deprecated and
highly discouraged. It won't even
On Wednesday 29 September 2010 14:42:30 Lukas Fleischer wrote:
On Wed, Sep 29, 2010 at 01:38:36PM +0200, Manuel Tortosa wrote:
+// Getting variables
+if (!empty($HTTP_POST_VARS)) extract($HTTP_POST_VARS);
+if (!empty($HTTP_GET_VARS)) extract($HTTP_GET_VARS);
The use of $HTTP_POST_VARS
On Wed 29 Sep 2010 13:38 +0200, Manuel Tortosa wrote:
Sorry, the last patch I sent will not work in your implementation as we use /lib
instead of ../lib, this new one will work in your case.
From 10ba3fa656bc4c59fc6d82f67dbed772e900dc47 Mon Sep 17 00:00:00 2001
From: Manuel Tortosa