From c3094b8327bc217a0ad20a1d4121d9cbacb35ee4 Mon Sep 17 00:00:00 2001
From: garvinhicking
Date: Wed, 13 Jul 2005 13:49:15 +0000
Subject: [PATCH] backport a helpful fix
---
 docs/NEWS | 8 ++++++++
 include/admin/entries.inc.php | 2 +-
 include/functions_entries.inc.php | 6 +++---
 3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/docs/NEWS b/docs/NEWS
index e0eadcf..aa62ce6 100644
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -3,9 +3,17 @@ Version 0.8.3 () ------------------------------------------------------------------------ + * Fix editing a draft article to be properly displayed as draft + in PostgreSQL setups. Thanks to Penny Leach! (garvinhicking) + * Fixed possible XSS in comment input validation, thanks to Ilia Alshanetsky + * XML_RPC: Eliminate path disclosure vulnerabilities by suppressing + error messages when eval()'ing. Eliminate path disclosure + vulnerability by catching bogus parameters submitted + to XML_RPC_Value::serializeval(). (nohn) + Version 0.8.2 (June 29th, 2005) ------------------------------------------------------------------------
diff --git a/include/admin/entries.inc.php b/include/admin/entries.inc.php
index 01b8f90..5e1e363 100644
--- a/include/admin/entries.inc.php
+++ b/include/admin/entries.inc.php
@@ -184,7 +184,7 @@ function serendipity_drawList() {
 $entry_pre = '';
 }
- if ($entry['isdraft'] == 'true') {
+ if (serendipity_db_bool($entry['isdraft'])) {
 $entry_pre .= ' ' . DRAFT . ': ';
 }
 ?>
diff --git a/include/functions_entries.inc.php b/include/functions_entries.inc.php
index f787f66..3ac9ec0 100644
--- a/include/functions_entries.inc.php
+++ b/include/functions_entries.inc.php
@@ -999,7 +999,7 @@ function serendipity_updertEntry($entry) {
 return $res;
 }
- if ($entry['isdraft'] == 'false') {
+ if (!serendipity_db_bool($entry['isdraft'])) {
 serendipity_plugin_api::hook_event('frontend_display', $entry, array('no_scramble' => true));
 serendipity_handle_references($entry['id'], $serendipity['blogTitle'], $entry['title'], $entry['body'] . $entry['extended'], $newEntry);
 }
@@ -1008,7 +1008,7 @@ function serendipity_updertEntry($entry) {
 // Send publish tags if either a new article has been inserted from scratch, or if the entry was previously
 // stored as draft and is now published
- if ($entry['isdraft'] == 'false' && ($newEntry || $_entry['isdraft'] == 'true')) {
+ if (!serendipity_db_bool($entry['isdraft']) && ($newEntry || serendipity_db_bool($_entry['isdraft']))) {
 serendipity_plugin_api::hook_event('backend_publish', $entry, $newEntry);
 } else {
 serendipity_plugin_api::hook_event('backend_save', $entry, $newEntry);
@@ -1126,7 +1126,7 @@ function serendipity_printEntryForm($targetURL, $hiddens = array(), $entry = arr
 serendipity_plugin_api::hook_event('backend_entryform', $entry);
- if ( (isset($entry['isdraft']) && $entry['isdraft'] == 'true') ||
+ if ( (isset($entry['isdraft']) && serendipity_db_bool($entry['isdraft'])) ||
 (!isset($entry['isdraft']) && $serendipity['publishDefault'] == 'draft') ) {
 $draftD = ' selected="selected"';
 } else {
--
2.39.5
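Review bot: The negated checks `if (!serendipity_db_bool($entry['isdraft']))` in the @@ -999 hunk, and again in the @@ -1008 hunk, now take the publish path for every value the helper does not report as true, where the removed `== 'false'` comparison took it only for an explicit false value. If `serendipity_db_bool()` returns false for a missing key or an unrecognised representation (its body is not part of this patch, so this needs confirming), an entry whose draft flag was never set would run `serendipity_handle_references()` and fire `backend_publish`, handing unpublished content to whatever those publish-time hooks do with it. The form code in the @@ -1126 hunk already guards with `isset()`; the equivalent default-to-draft guard here would be `$isDraft = !isset($entry['isdraft']) || serendipity_db_bool($entry['isdraft']);` followed by `if (!$isDraft) {`. serendipity_updertEntry() starts and ends outside these hunks, so whether `isdraft` is normalised earlier in the function cannot be seen from here.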