Package: gallery2
Version: 2.3-1
Severity: grave
Justification: renders package unusable

In this file: lib/smarty/Smarty_Compiler.class.php you have changed:

1698c1698,1703 < $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return); --- > > // The follwoing line has been replaced to close a function injection > security hole (U.Tews) > // $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return); > $_return = str_replace('"',"'",$_return); > // escape dollar sign if not printing a var > $_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return);

but now in the generated .php file we have parse errors (Parse error: syntax error, unexpected T_STRING, expecting ')') because all " chars were replaced by ' chars, and for example we find var="it's an example" in a smarty template and that generates var='it's an example' in the .php file :-(

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (900, 'stable'), (300, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-6-xen-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gallery2 depends on:
ii  apache2          2.2.9-10+lenny4          Apache HTTP Server metapackage
ii  apache2-mpm-pre  2.2.9-10+lenny4          Apache HTTP Server - traditional n
ii  debconf [debcon  1.5.24                   Debian configuration management sy
ii  imagemagick      7:6.3.7.9.dfsg2-1~lenny3 image manipulation programs
ii  libapache2-mod-  5.2.6.dfsg.1-1+lenny3    server-side, HTML-embedded scripti
ii  libphp-adodb     5.05-1                   The ADOdb database abstraction lay
ii  mysql-client-5.  5.0.51a-24+lenny2        MySQL database client binaries
ii  netpbm           2:10.0-12                Graphics conversion tools
ii  php5             5.2.6.dfsg.1-1+lenny3    server-side, HTML-embedded scripti
ii  php5-mysql       5.2.6.dfsg.1-1+lenny3    MySQL module for php5
ii  smarty           2.6.20-1.2               Template engine for PHP
ii  wwwconfig-commo  0.1.2                    Debian web auto configuration

Versions of packages gallery2 recommends:
ii  dcraw            8.86-1                   decode raw digital camera images
ii  ffmpeg           0.svn20080206-18         multimedia player, server and enco
ii  jhead            2.84-2                   manipulate the non-image part of E
ii  libjpeg-progs    6b-14                    Programs for manipulating JPEG fil
ii  php5-gd          5.2.6.dfsg.1-1+lenny3    GD module for php5
ii  unzip            5.52-12                  De-archiver for .zip files
ii  zip              2.32-1                   Archiver for .zip files

Versions of packages gallery2 suggests:
ii  mysql-server            5.0.51a-24+lenny2 MySQL database server (metapackage
ii  mysql-server-5.0 [mysq  5.0.51a-24+lenny2 MySQL database server binaries

-- debconf information:
  gallery2/webserver_type: apache, apache-ssl, apache-perl, apache2
  gallery2/mysql/configure: true
* gallery2/restart-webserver: false
  gallery2/mysql/dbname: gallery2
* gallery2/mysql/dbserver: localhost
  gallery2/purge: true
* gallery2/mysql/dbadmin: root
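
Review bot: On the `>` side of hunk 1698c1698,1703, `$_return = str_replace('"',"'",$_return);` turns every double quote into a single quote without escaping single quotes already inside the value, so the compiled output is no longer a valid PHP string literal whenever a template attribute contains an apostrophe; the reported var="it's an example" becoming var='it's an example' is exactly that case. Escape backslashes and single quotes in the string's content before wrapping it in single quotes (or keep strings that contain `'` double-quoted and rely on the `$` escaping on the following line), so the function-injection fix stays in place while the literal remains well-formed, and add a template test with an embedded apostrophe. The added comment also carries a typo ("follwoing").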