

Viewing changes to debian/patches/11-Fix-640297-LFI-XSS-injection-bug-action-group-0.diff

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2011-09-15 08:13:36 UTC
  • Revision ID: package-import@ubuntu.com-20110915081336-vyi8dvujbfimq0jh
Tags: 1.1.8+dfsg-10squeeze1build0.11.04.1
fake sync from Debian



 
1
#
 
2
# Description: LFI and XSS via group actions 1
 
3
#    Implements checking to see which options are available
 
4
#    to the user for the issues which are currently shown on 
 
5
#    view bug pages. Options are only displayed in the
 
6
#    dropdown list if the user is able to use the option on at
 
7
#    least one of the bugs displayed.
 
8
# Author: David Hicks <d@hx.id.au>
 
9
# Bug: http://www.mantisbt.org/bugs/view.php?id=13281
 
10
# Last-Update: 2011-09-05
 
11
#
 
12
Index: mantis/core/columns_api.php
 
13
===================================================================
 
14
--- mantis.orig/core/columns_api.php    2011-09-06 07:43:27.409465292 +0200
 
15
+++ mantis/core/columns_api.php 2011-09-06 07:43:59.402065926 +0200
 
16
@@ -383,11 +383,23 @@
 
17
        # $p_columns_target: see COLUMNS_TARGET_* in constant_inc.php
 
18
        function print_column_selection( $p_row, $p_columns_target = COLUMNS_TARGET_VIEW_PAGE ) {
 
19
                if ( $p_columns_target != COLUMNS_TARGET_CSV_PAGE ) {
 
20
-                       global $t_checkboxes_exist, $t_update_bug_threshold;
 
21
-
 
22
+                       global $g_checkboxes_exist;
 
23
                        echo '<td>';
 
24
-                       if ( access_has_bug_level( $t_update_bug_threshold, $p_row['id'] ) ) {
 
25
-                               $t_checkboxes_exist = true;
 
26
+                       if( access_has_any_project( config_get( 'report_bug_threshold', null, null, $p_bug->project_id ) ) ||
 
27
+                               # !TODO: check if any other projects actually exist for the bug to be moved to
 
28
+                               access_has_project_level( config_get( 'move_bug_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
 
29
+                               # !TODO: factor in $g_auto_set_status_to_assigned == ON
 
30
+                               access_has_project_level( config_get( 'update_bug_assign_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
 
31
+                               access_has_project_level( config_get( 'update_bug_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
 
32
+                               access_has_project_level( config_get( 'delete_bug_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
 
33
+                               # !TODO: check to see if the bug actually has any different selectable workflow states
 
34
+                               access_has_project_level( config_get( 'update_bug_status_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
 
35
+                               access_has_project_level( config_get( 'set_bug_sticky_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
 
36
+                               access_has_project_level( config_get( 'change_view_status_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
 
37
+                               access_has_project_level( config_get( 'add_bugnote_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
 
38
+                               access_has_project_level( config_get( 'tag_attach_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
 
39
+                               access_has_project_level( config_get( 'roadmap_update_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ) {
 
40
+                               $g_checkboxes_exist = true;
 
41
                                printf( "<input type=\"checkbox\" name=\"bug_arr[]\" value=\"%d\" />" , $p_row['id'] );
 
42
                        } else {
 
43
                                echo "&nbsp;";
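Review bot: Every `config_get()` and `access_has_project_level()` call in the added condition reads `$p_bug->project_id`, but the function's only parameters are `$p_row` and `$p_columns_target` and `$p_bug` is neither declared nor assigned anywhere in the hunk (the surviving line below uses `$p_row['id']`); unless `$p_bug` is a global set outside this view, it evaluates to null with a notice and every check silently falls back to whatever project a null id maps to instead of the bug's own project. The row's project should be used instead, presumably `$t_project_id = $p_row['project_id'];` before the `if` and `$t_project_id` in place of each `$p_bug->project_id`, given the row already carries `id`. The three `!TODO` markers describe checks that are still missing, so the checkbox remains over-inclusive; that is acceptable only because hiding it is a UI hint and the group-action handler must still enforce access on submit. print_column_selection() continues past the end of the hunk.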
 
44
Index: mantis/core/print_api.php
 
45
===================================================================
 
46
--- mantis.orig/core/print_api.php      2011-09-06 07:43:59.330064579 +0200
 
47
+++ mantis/core/print_api.php   2011-09-06 07:43:59.406066005 +0200
 
48
@@ -28,6 +28,7 @@
 
49
        require_once( $t_core_dir . 'prepare_api.php' );
 
50
        require_once( $t_core_dir . 'profile_api.php' );
 
51
        require_once( $t_core_dir . 'last_visited_api.php' );
 
52
+       require_once( $t_core_dir . 'bug_group_action_api.php' );
 
53
 
 
54
        ### Print API ###
 
55
 
 
56
@@ -1001,67 +1002,20 @@
 
57
                } # end for
 
58
        }
 
59
        # --------------------
 
60
-       # @@@ preliminary support for multiple bug actions.
 
61
-       function print_all_bug_action_option_list() {
 
62
-               $commands = array(  'MOVE' => lang_get('actiongroup_menu_move'),
 
63
-                                                       'COPY' => lang_get('actiongroup_menu_copy'),
 
64
-                                                       'ASSIGN' => lang_get('actiongroup_menu_assign'),
 
65
-                                                       'CLOSE' => lang_get('actiongroup_menu_close'),
 
66
-                                                       'DELETE' => lang_get('actiongroup_menu_delete'),
 
67
-                                                       'RESOLVE' => lang_get('actiongroup_menu_resolve'),
 
68
-                                                       'SET_STICKY' => lang_get( 'actiongroup_menu_set_sticky' ),
 
69
-                                                       'UP_PRIOR' => lang_get('actiongroup_menu_update_priority'),
 
70
-                                                       'UP_STATUS' => lang_get('actiongroup_menu_update_status'),
 
71
-                                                       'UP_CATEGORY' => lang_get('actiongroup_menu_update_category'),
 
72
-                                                       'VIEW_STATUS' => lang_get( 'actiongroup_menu_update_view_status' ),
 
73
-                                                       'EXT_ADD_NOTE' => lang_get( 'actiongroup_menu_add_note' ),
 
74
-                                                       'EXT_ATTACH_TAGS' => lang_get( 'actiongroup_menu_attach_tags' ),
 
75
-                                       );
 
76
-
 
77
-               $t_project_id = helper_get_current_project();
 
78
-
 
79
-               if ( ALL_PROJECTS != $t_project_id ) {
 
80
-                       $t_user_id = auth_get_current_user_id();
 
81
-
 
82
-                       if ( access_has_project_level( config_get( 'update_bug_threshold' ), $t_project_id ) ) {
 
83
-                               $commands['UP_FIXED_IN_VERSION'] = lang_get( 'actiongroup_menu_update_fixed_in_version' );
 
84
-                       }
 
85
-
 
86
-                       if ( access_has_project_level( config_get( 'roadmap_update_threshold' ), $t_project_id ) ) {
 
87
-                               $commands['UP_TARGET_VERSION'] = lang_get( 'actiongroup_menu_update_target_version' );
 
88
-                       }
 
89
-
 
90
-                       $t_custom_field_ids = custom_field_get_linked_ids( $t_project_id );
 
91
-
 
92
-                       foreach( $t_custom_field_ids as $t_custom_field_id ) {
 
93
-                               # if user has not access right to modify the field, then there is no
 
94
-                               # point in showing it.
 
95
-                               if ( !custom_field_has_write_access_to_project( $t_custom_field_id, $t_project_id, $t_user_id ) ) {
 
96
-                                       continue;
 
97
-                               }
 
98
-
 
99
-                               $t_custom_field_def = custom_field_get_definition( $t_custom_field_id );
 
100
-                               $t_command_id = 'custom_field_' . $t_custom_field_id;
 
101
-                               $t_command_caption = sprintf( lang_get( 'actiongroup_menu_update_field' ), lang_get_defaulted( $t_custom_field_def['name'] ) );
 
102
-                               $commands[$t_command_id] = string_display( $t_command_caption );
 
103
-                       }
 
104
+       /**
 
105
+       * Print a dropdown list of all bug actions available to a user for a specified
 
106
+       * set of projects.
 
107
+       * @param array $p_projects An array containing one or more project IDs
 
108
+       * @return null
 
109
+       */
 
110
+       function print_all_bug_action_option_list( $p_project_ids = null ) {
 
111
+               $t_commands = bug_group_action_get_commands( $p_project_ids);
 
112
+               while( list( $t_action_id, $t_action_label ) = each( $t_commands ) ) {
 
113
+                       echo '<option value="' . $t_action_id . '">' . $t_action_label . '</option>';
 
114
                }
 
115
+       }
 
116
 
 
117
-               $t_custom_group_actions = config_get( 'custom_group_actions' );
 
118
-
 
119
-               foreach( $t_custom_group_actions as $t_custom_group_action ) {
 
120
-                       # use label if provided to get the localized text, otherwise fallback to action name.
 
121
-                       if ( isset( $t_custom_group_action['label'] ) ) {
 
122
-                               $commands[$t_custom_group_action['action']] = lang_get_defaulted( $t_custom_group_action['label'] );
 
123
-                       } else {
 
124
-                               $commands[$t_custom_group_action['action']] = lang_get_defaulted( $t_custom_group_action['action'] );
 
125
-                       }
 
126
-               }
 
127
 
 
128
-               while (list ($key,$val) = each ($commands)) {
 
129
-                       PRINT "<option value=\"".$key."\">".$val."</option>";
 
130
-               }
 
131
-       }
 
132
        # --------------------
 
133
        # list of users that are NOT in the specified project and that are enabled
 
134
        # if no project is specified use the current project
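Review bot: The option value and label are echoed raw in `echo '<option value="' . $t_action_id . '">' . $t_action_label . '</option>';`; the ids and labels of custom group actions come straight from `config_get( 'custom_group_actions' )` and `lang_get_defaulted()`, and only the custom-field captions pass through `string_display()`, so for a patch addressing XSS it is safer to escape at the output point, e.g. `echo '<option value="' . string_attribute( $t_action_id ) . '">' . string_display_line( $t_action_label ) . '</option>';`, assuming those string_api helpers exist in this version as they do in later ones. The docblock names `$p_projects` and says `@return null` while the parameter is `$p_project_ids` and nothing is returned; use `@param array $p_project_ids` and `@return void`. The selected action is still a client-submitted value, so this list only narrows the UI and the handler that processes the group action (not in this patch) must re-check access for the chosen action.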
 
135
Index: mantis/core/bug_group_action_api.php
 
136
===================================================================
 
137
--- mantis.orig/core/bug_group_action_api.php   2011-09-06 07:43:27.425465594 +0200
 
138
+++ mantis/core/bug_group_action_api.php        2011-09-06 07:45:24.127656147 +0200
 
139
@@ -151,4 +151,126 @@
 
140
                $t_function_name = 'action_' . $p_action . '_process';
 
141
                return $t_function_name( $p_bug_id );
 
142
        }
 
143
+
 
144
+/**
 
145
+ * Get a list of bug group actions available to the current user for one or
 
146
+ * more projects.
 
147
+ * @param array $p_projects An array containing one or more project IDs
 
148
+ * @return null
 
149
+ */
 
150
+function bug_group_action_get_commands( $p_project_ids = null ) {
 
151
+       if ( $p_project_ids === null || count( $p_project_ids ) == 0 ) {
 
152
+               $p_project_ids = array( ALL_PROJECTS );
 
153
+       }
 
154
+
 
155
+       $t_commands = array();
 
156
+       foreach( $p_project_ids as $t_project_id ) {
 
157
+
 
158
+               if( !isset( $t_commands['MOVE'] ) &&
 
159
+                       access_has_project_level( config_get( 'move_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
160
+                       $t_commands['MOVE'] = lang_get( 'actiongroup_menu_move' );
 
161
+               }
 
162
+
 
163
+               if( !isset( $t_commands['COPY'] ) &&
 
164
+                       access_has_any_project( config_get( 'report_bug_threshold', null, null, $t_project_id ) ) ) {
 
165
+                       $t_commands['COPY'] = lang_get( 'actiongroup_menu_copy' );
 
166
+               }
 
167
+
 
168
+               if( !isset( $t_commands['ASSIGN'] ) &&
 
169
+                       access_has_project_level( config_get( 'update_bug_assign_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
170
+                       if( ON == config_get( 'auto_set_status_to_assigned', null, null, $t_project_id ) &&
 
171
+                               access_has_project_level( access_get_status_threshold( config_get( 'bug_assigned_status', null, null, $t_project_id ), $t_project_id ), $t_project_id ) ) {
 
172
+                               $t_commands['ASSIGN'] = lang_get( 'actiongroup_menu_assign' );
 
173
+                       } else {
 
174
+                               $t_commands['ASSIGN'] = lang_get( 'actiongroup_menu_assign' );
 
175
+                       }
 
176
+               }
 
177
+
 
178
+               if( !isset( $t_commands['CLOSE'] ) &&
 
179
+                       access_has_project_level( config_get( 'update_bug_status_threshold', null, null, $t_project_id ), $t_project_id ) &&
 
180
+                       access_has_project_level( config_get( 'allow_reporter_close', null, null, $t_project_id ), $t_project_id ) ) {
 
181
+                       $t_commands['CLOSE'] = lang_get( 'actiongroup_menu_close' );
 
182
+               }
 
183
+
 
184
+               if( !isset( $t_commands['DELETE'] ) &&
 
185
+                       access_has_project_level( config_get( 'delete_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
186
+                       $t_commands['DELETE'] = lang_get( 'actiongroup_menu_delete' );
 
187
+               }
 
188
+
 
189
+               if( !isset( $t_commands['RESOLVE'] ) &&
 
190
+                       access_has_project_level( config_get( 'update_bug_status_threshold', null, null, $t_project_id ), $t_project_id ) &&
 
191
+                       access_has_project_level( access_get_status_threshold( config_get( 'bug_resolved_status_threshold', null, null, $t_project_id ), $t_project_id ), $t_project_id ) ) {
 
192
+                       $t_commands['RESOLVE'] = lang_get( 'actiongroup_menu_resolve' );
 
193
+               }
 
194
+
 
195
+               if( !isset( $t_commands['SET_STICKY'] ) &&
 
196
+                       access_has_project_level( config_get( 'set_bug_sticky_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
197
+                       $t_commands['SET_STICKY'] = lang_get( 'actiongroup_menu_set_sticky' );
 
198
+               }
 
199
+
 
200
+               if( !isset( $t_commands['UP_PRIOR'] ) &&
 
201
+                       access_has_project_level( config_get( 'update_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
202
+                       $t_commands['UP_PRIOR'] = lang_get( 'actiongroup_menu_update_priority' );
 
203
+               }
 
204
+
 
205
+               if( !isset( $t_commands['UP_STATUS'] ) &&
 
206
+                       access_has_project_level( config_get( 'update_bug_status_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
207
+                       $t_commands['UP_STATUS'] = lang_get( 'actiongroup_menu_update_status' );
 
208
+               }
 
209
+
 
210
+               if( !isset( $t_commands['UP_CATEGORY'] ) &&
 
211
+                       access_has_project_level( config_get( 'update_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
212
+                       $t_commands['UP_CATEGORY'] = lang_get( 'actiongroup_menu_update_category' );
 
213
+               }
 
214
+
 
215
+               if( !isset( $t_commands['VIEW_STATUS'] ) &&
 
216
+                       access_has_project_level( config_get( 'change_view_status_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
217
+                       $t_commands['VIEW_STATUS'] = lang_get( 'actiongroup_menu_update_view_status' );
 
218
+               }
 
219
+
 
220
+               if( !isset( $t_commands['EXT_ADD_NOTE'] ) &&
 
221
+                       access_has_project_level( config_get( 'add_bugnote_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
222
+                       $t_commands['EXT_ADD_NOTE'] = lang_get( 'actiongroup_menu_add_note' );
 
223
+               }
 
224
+
 
225
+               if( !isset( $t_commands['EXT_ATTACH_TAGS'] ) &&
 
226
+                       access_has_project_level( config_get( 'tag_attach_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
227
+                       $t_commands['EXT_ATTACH_TAGS'] = lang_get( 'actiongroup_menu_attach_tags' );
 
228
+               }
 
229
+
 
230
+               if( !isset( $t_commands['UP_FIXED_IN_VERSION'] ) &&
 
231
+                       access_has_project_level( config_get( 'update_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
232
+                       $t_commands['UP_FIXED_IN_VERSION'] = lang_get( 'actiongroup_menu_update_fixed_in_version' );
 
233
+               }
 
234
+
 
235
+               if( !isset( $t_commands['UP_TARGET_VERSION'] ) &&
 
236
+                       access_has_project_level( config_get( 'roadmap_update_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
237
+                       $t_commands['UP_TARGET_VERSION'] = lang_get( 'actiongroup_menu_update_target_version' );
 
238
+               }
 
239
+
 
240
+               $t_custom_field_ids = custom_field_get_linked_ids( $t_project_id );
 
241
+               foreach( $t_custom_field_ids as $t_custom_field_id ) {
 
242
+                       if( !custom_field_has_write_access_to_project( $t_custom_field_id, $t_project_id ) ) {
 
243
+                               continue;
 
244
+                       }
 
245
+                       $t_custom_field_def = custom_field_get_definition( $t_custom_field_id );
 
246
+                       $t_command_id = 'custom_field_' . $t_custom_field_id;
 
247
+                       $t_command_caption = sprintf( lang_get( 'actiongroup_menu_update_field' ), lang_get_defaulted( $t_custom_field_def['name'] ) );
 
248
+                       $t_commands[$t_command_id] = string_display( $t_command_caption );
 
249
+               }
 
250
+       }
 
251
+
 
252
+       $t_custom_group_actions = config_get( 'custom_group_actions' );
 
253
+
 
254
+       foreach( $t_custom_group_actions as $t_custom_group_action ) {
 
255
+               # use label if provided to get the localized text, otherwise fallback to action name.
 
256
+               if( isset( $t_custom_group_action['label'] ) ) {
 
257
+                       $t_commands[$t_custom_group_action['action']] = lang_get_defaulted( $t_custom_group_action['label'] );
 
258
+               } else {
 
259
+                       $t_commands[$t_custom_group_action['action']] = lang_get_defaulted( $t_custom_group_action['action'] );
 
260
+               }
 
261
+       }
 
262
+
 
263
+       return $t_commands;
 
264
+}
 
265
 ?>
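Review bot: The CLOSE entry's second guard passes `allow_reporter_close` to `access_has_project_level()`, but that option is named like an ON/OFF switch rather than an access level, so the comparison is against 0 or 1 and is effectively always satisfied; the RESOLVE entry directly below shows the intended shape, `access_has_project_level( access_get_status_threshold( config_get( 'bug_closed_status_threshold', null, null, $t_project_id ), $t_project_id ), $t_project_id )`, with the reporter-close switch as a separate `ON == config_get( 'allow_reporter_close', ... )` alternative if it is meant to apply. The ASSIGN block's inner `if`/`else` assigns the same label on both paths, so the `auto_set_status_to_assigned` check has no effect; either drop it or leave ASSIGN unset in the else path, which is what the TODO in columns_api.php appears to ask for. The docblock names `$p_projects` and declares `@return null` while the function takes `$p_project_ids` and returns the `$t_commands` array. The `custom_field_has_write_access_to_project()` call also drops the explicit user id the removed print_api.php code passed; confirm its default is the current user.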
 
266
Index: mantis/view_all_inc.php
 
267
===================================================================
 
268
--- mantis.orig/view_all_inc.php        2011-09-06 07:43:27.437465819 +0200
 
269
+++ mantis/view_all_inc.php     2011-09-06 07:43:59.406066005 +0200
 
270
@@ -38,10 +38,9 @@
 
271
                list( $t_dir, ) = split( ',', $t_filter['dir'] );
 
272
        }
 
273
        
 
274
-       $t_checkboxes_exist = false;
 
275
+       $g_checkboxes_exist = false;
 
276
 
 
277
        $t_icon_path = config_get( 'icon_path' );
 
278
-       $t_update_bug_threshold = config_get( 'update_bug_threshold' );
 
279
 
 
280
        $t_columns = helper_get_columns_to_view( COLUMNS_TARGET_VIEW_PAGE );
 
281
 
 
282
@@ -186,11 +185,11 @@
 
283
        <tr>
 
284
                <td class="left" colspan="<?php echo $col_count-2; ?>">
 
285
 <?php
 
286
-               if ( $t_checkboxes_exist && ON == config_get( 'use_javascript' ) ) {
 
287
+               if ( $g_checkboxes_exist && ON == config_get( 'use_javascript' ) ) {
 
288
                        echo "<input type=\"checkbox\" name=\"all_bugs\" value=\"all\" onclick=\"checkall('bug_action', this.form.all_bugs.checked)\" /><span class=\"small\">" . lang_get( 'select_all' ) . '</span>';
 
289
                }
 
290
 
 
291
-               if ( $t_checkboxes_exist ) {
 
292
+               if ( $g_checkboxes_exist ) {
 
293
 ?>
 
294
                        <select name="action">
 
295
                                <?php print_all_bug_action_option_list() ?>
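Review bot: The `<select name="action">` is still populated by `print_all_bug_action_option_list()` with no argument (the unchanged context line closing the hunk), so `bug_group_action_get_commands()` falls back to `array( ALL_PROJECTS )` and the per-project thresholds the new code reads via `config_get( ..., $t_project_id )` are never consulted for the projects actually listed; the `$p_project_ids` parameter this patch introduces is dead at its only visible call site. Collect the distinct `project_id` values of the rows rendered above (that loop is outside the hunk) and pass them, `<?php print_all_bug_action_option_list( $t_unique_project_ids ) ?>`. Whether the ALL_PROJECTS fallback yields a stricter or looser list depends on how `access_has_project_level()` treats ALL_PROJECTS, which is not visible here.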