From b59d5a8a89b65ac81e17dfedb53401900ce3322b Mon Sep 17 00:00:00 2001 From: garvinhicking Date: Sun, 17 Jun 2007 10:46:06 +0000 Subject: [PATCH] Fix SQL injection reported by Dr. Neal Krawetz --- docs/NEWS | 21 ++++++++++++--------- include/functions_comments.inc.php | 2 +- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/docs/NEWS b/docs/NEWS index c8a4a9d..0f4a05f 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -1,19 +1,22 @@ # $Id$ -Version 1.1.3 () +Version 1.1.3 (June 17th, 2007) ------------------------------------------------------------------------ + * Fix SQL injection through 'commentMode' variable. Thanks to + Dr. Neal Krawetz + * Fix missing %username% permalink pattern in single entry view. Patch by cress_cc - -Version 1.1.2 () + +Version 1.1.2 (March 1st, 2007) ------------------------------------------------------------------------ * Fix showing SQL error message when an empty category is selected for viewing. Fixes an issue reported by Samenspender that was falsely declard as SQL injection. In fact, no invalid SQL code can be injected. (garvinhicking) - + * Better checks to see if the local PEAR inclusion is required (garvinhicking) @@ -27,7 +30,7 @@ Version 1.1.1 (February 22nd, 2007) * Patch pingback receiving function to use proper Regexp, thanks to dhaun from the forums - + * Make categories sidebar plugin properly return evaluated categories list to plugin_categories.tpl template. Currently, a hidden structure would only be displayed when not using custom template. 
@@ -36,19 +39,19 @@ Version 1.1.1 (February 22nd, 2007) * Change order of trackback execution flow (again) to preserve references for plugins like Track Exits, when used in conjunction with the entryproperties cache (garvinhicking) - + * Fixed a bug that prevented some entryproperty-plugins to execute on the entry detail pane. (garvinhicking, Dragonblast) * Fix a bug in sending the right login session cookies on Windows IIS servers. Major thanks to Shadowin from the forums! - + Version 1.1 (December 28th, 2006) ------------------------------------------------------------------------ * Fix better installer warning messages when directories have no write privileges and already exist. Thanks to wagwag! - + * Small bugfixes: Allow to use different login credentials than the current HTTP Basic-Auth, if used. Order categories by name in single entry view (garvinhicking) @@ -405,7 +408,7 @@ Version 1.0.4 (December 1st, 2006) * Fixed problem in trackbacks using a formatted link (like through trackexits plugin) to trackback to instead of the real one - + Version 1.0.3 (November 7th, 2006) ------------------------------------------------------------------------ diff --git a/include/functions_comments.inc.php b/include/functions_comments.inc.php index 77e1dbb..5dfe2dc 100644 --- a/include/functions_comments.inc.php +++ b/include/functions_comments.inc.php @@ -312,7 +312,7 @@ function serendipity_printComments($comments, $parentid = 0, $depth = 0, $trace function serendipity_printCommentsByAuthor() { global $serendipity; - $type = $serendipity['GET']['commentMode']; + $type = serendipity_db_escape_string($serendipity['GET']['commentMode']); if ($type == 'comments' || empty($type)) { $type = 'NORMAL'; -- 2.39.5
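Review bot: Escaping `commentMode` before the comparisons treats an untrusted request value as free text, when the code only needs to recognise a small set of modes; the stronger fix is to accept only known values and fall back to the default for anything else, so nothing from the request reaches the query even if a later branch interpolates `$type` unquoted or into a SQL context where string escaping does not help. Something like `$mode = isset($serendipity['GET']['commentMode']) ? $serendipity['GET']['commentMode'] : '';` followed by `$type = in_array($mode, $allowedModes, true) ? $mode : '';` (with `$allowedModes` listing the modes the function's later branches handle) would do this and also avoid the undefined-index notice when the parameter is absent. The `== 'comments'` and `empty($type)` checks remain loose comparisons on request input; `=== 'comments'` and `$type === ''` are the stricter forms. The body of serendipity_printCommentsByAuthor continues past the end of the hunk, so whether `$type` is quoted in the eventual query cannot be confirmed from here.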