found 595248 0.7.3-3 tags 595248 + pending thanks Le vendredi 03 septembre 2010 à 16:53 +0200, Olivier Berger a écrit :
> I'm not so sure the whole of the patch proposed by the Mantis team is > completely justified, and here's another alternative (shorter but > sufficiant I think). Still waiting for some opinion of upstream on this. > > Any comments ? > There's even a shorter version of the patch, provided by Raphael Geissert (attached). I've asked the security team to upload an updated 0.7.3 package for squeeze/testing-security, and I'll prepare a version for 0.9.5 for unstable. Best regards, -- Olivier BERGER <olivier.ber...@it-sudparis.eu> http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8 Ingénieur Recherche - Dept INF Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)
diff --git a/lib/class.wsdl.php b/lib/class.wsdl.php
index f435e54..81117db 100644
--- a/lib/class.wsdl.php
+++ b/lib/class.wsdl.php
@@ -742,13 +742,13 @@ class wsdl extends nusoap_base {
function webDescription(){
global $HTTP_SERVER_VARS;
- if (isset($_SERVER)) {
- $PHP_SELF = $_SERVER['PHP_SELF'];
- } elseif (isset($HTTP_SERVER_VARS)) {
- $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
- } else {
- $this->setError("Neither _SERVER nor HTTP_SERVER_VARS is available");
- }
+ /* if (isset($_SERVER)) { */
+ /* $PHP_SELF = $_SERVER['PHP_SELF']; */
+ /* } elseif (isset($HTTP_SERVER_VARS)) { */
+ /* $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF']; */
+ /* } else { */
+ /* $this->setError("Neither _SERVER nor HTTP_SERVER_VARS is available"); */
+ /* } */
$b = '
<html><head><title>NuSOAP: '.$this->serviceName.'</title>
@@ -829,7 +829,7 @@ class wsdl extends nusoap_base {
<br><br>
<div class=title>'.$this->serviceName.'</div>
<div class=nav>
- <p>View the <a href="'.$PHP_SELF.'?wsdl">WSDL</a> for the service.
+ <p>View the <a href="?wsdl">WSDL</a> for the service.
Click on an operation name to view it's details.</p>
<ul>';
foreach($this->getOperations() as $op => $data){
diff --git a/lib/nusoap.php b/lib/nusoap.php
index a6dd21d..39175a2 100644
--- a/lib/nusoap.php
+++ b/lib/nusoap.php
@@ -5221,13 +5221,13 @@ class wsdl extends nusoap_base {
function webDescription(){
global $HTTP_SERVER_VARS;
- if (isset($_SERVER)) {
- $PHP_SELF = $_SERVER['PHP_SELF'];
- } elseif (isset($HTTP_SERVER_VARS)) {
- $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
- } else {
- $this->setError("Neither _SERVER nor HTTP_SERVER_VARS is available");
- }
+ /* if (isset($_SERVER)) { */
+ /* $PHP_SELF = $_SERVER['PHP_SELF']; */
+ /* } elseif (isset($HTTP_SERVER_VARS)) { */
+ /* $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF']; */
+ /* } else { */
+ /* $this->setError("Neither _SERVER nor HTTP_SERVER_VARS is available"); */
+ /* } */
$b = '
<html><head><title>NuSOAP: '.$this->serviceName.'</title>
@@ -5308,7 +5308,7 @@ class wsdl extends nusoap_base {
<br><br>
<div class=title>'.$this->serviceName.'</div>
<div class=nav>
- <p>View the <a href="'.$PHP_SELF.'?wsdl">WSDL</a> for the service.
+ <p>View the <a href="?wsdl">WSDL</a> for the service.
Click on an operation name to view it's details.</p>
<ul>';
foreach($this->getOperations() as $op => $data){
signature.asc
Description: This is a digitally signed message part
