tags 457446 +patch
thanks

Patch as received from maintainer.


Thijs
diff -u typo3-src-4.0.2+debian/debian/changelog typo3-src-4.0.2+debian/debian/changelog
--- typo3-src-4.0.2+debian/debian/changelog
+++ typo3-src-4.0.2+debian/debian/changelog
@@ -1,3 +1,10 @@
+typo3-src (4.0.2+debian-4) stable-security; urgency=high
+
+  * Fixed security problem "SQL Injection in system extension indexed_search"
+    (CVE-2007-6381) with patch taken from 4.0.8. (Closes: 457446)
+
+ -- Christian Welzel <[EMAIL PROTECTED]>  Sat, 22 Dec 2007 22:30:00 +0100
+
 typo3-src (4.0.2+debian-3) testing; urgency=medium
 
   * Fixed security problem "TYPO3 Security Bulletin 20070221-1: Email header
diff -u typo3-src-4.0.2+debian/debian/patches/00list typo3-src-4.0.2+debian/debian/patches/00list
--- typo3-src-4.0.2+debian/debian/patches/00list
+++ typo3-src-4.0.2+debian/debian/patches/00list
@@ -2,0 +3 @@
+03-SecBull-cve-2007-6381
only in patch2:
unchanged:
--- typo3-src-4.0.2+debian.orig/debian/patches/03-SecBull-cve-2007-6381.dpatch
+++ typo3-src-4.0.2+debian/debian/patches/03-SecBull-cve-2007-6381.dpatch
@@ -0,0 +1,32 @@
+#!/bin/sh /usr/share/dpatch/dpatch-run
+## 02-SecBull-20070221-1.dpatch by Christian Welzel <[EMAIL PROTECTED]>
+##
+## DP: fix for TYPO3 Security Bulletin 20070221-1: Email header injection
+
[EMAIL PROTECTED]@
+
+diff -Naur TYPO3_4-0-7/typo3/sysext/indexed_search/modfunc2/class.tx_indexedsearch_modfunc2.php TYPO3_4-0-8/typo3/sysext/indexed_search/modfunc2/class.tx_indexedsearch_modfunc2.php
+--- TYPO3_4-0-7/typo3/sysext/indexed_search/modfunc2/class.tx_indexedsearch_modfunc2.php	2006-03-22 02:11:50.000000000 +0100
++++ TYPO3_4-0-8/typo3/sysext/indexed_search/modfunc2/class.tx_indexedsearch_modfunc2.php	2007-12-10 19:51:50.000000000 +0100
+@@ -86,10 +86,10 @@
+ 	 * @return	string		html table with results
+ 	 */
+ 	function showStats()	{
+-		global $LANG,$HTTP_GET_VARS,$TYPO3_CONF_VARS;
++		global $LANG, $TYPO3_CONF_VARS;
+ 
+ 		$conf['words']=50;	// max words in result list
+-		$conf['bid']=$HTTP_GET_VARS['id'];	// pageid for several statistics
++		$conf['bid'] = intval(t3lib_div::_GET('id'));	// pageid for several statistics
+ 
+ 		$addwhere1='';	// all records
+ 		$addwhere2=' AND tstamp > '.(time()-30*24*60*60);	// last 30 days
+@@ -123,7 +123,7 @@
+ 
+ 		$queryParts['SELECT']= '*, COUNT(*) AS c';
+ 		$queryParts['FROM']='index_stat_word';
+-		$queryParts['WHERE']=sprintf('pageid= %s '.$addwhere, $conf['bid']);
++		$queryParts['WHERE']=sprintf('pageid= %d '.$addwhere, $conf['bid']);
+ 		$queryParts['GROUPBY']='word';
+ 		$queryParts['ORDERBY']='c DESC,word';
+ 		$queryParts['LIMIT']=$conf['words'];
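Review bot: The new dpatch's own header (the two `##` lines at the top of the added file) still reads `02-SecBull-20070221-1.dpatch` and `DP: fix for TYPO3 Security Bulletin 20070221-1: Email header injection`, carried over from the previous patch, so the file contradicts both its filename and the changelog entry; change them to `## 03-SecBull-cve-2007-6381.dpatch by Christian Welzel <...>` and `## DP: CVE-2007-6381: SQL injection in sysext indexed_search (backport from TYPO3 4.0.8)`. The line after that header shows here as `[EMAIL PROTECTED]@`, which looks like the list archive's address obfuscation of the mandatory `@DPATCH@` marker — confirm the committed file carries the literal marker, since dpatch-run uses it to locate the patch body. The embedded diff was generated against TYPO3_4-0-7 while the package is 4.0.2, so verify that both inner hunks apply without fuzz to the 4.0.2 file and that `t3lib_div::_GET()` exists in that core version. The fix itself looks sound: wrapping the assignment of `$conf['bid']` in `intval()` sanitises the value for every later use (the comment says it feeds "several statistics", most of them outside this hunk), and switching `%s` to `%d` in the `sprintf` keeps the `WHERE pageid=` clause safe even if that cast is ever removed; `showStats()` continues past the end of the hunk.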

Attachment: pgp1QkidNN07I.pgp
Description: PGP signature
