Diffstat (limited to 'www/typolight26/patches/patch-ad')
-rw-r--r-- | www/typolight26/patches/patch-ad | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/www/typolight26/patches/patch-ad b/www/typolight26/patches/patch-ad
new file mode 100644
index 00000000000..c9552de9887
--- /dev/null
+++ b/www/typolight26/patches/patch-ad
@@ -0,0 +1,52 @@
+$NetBSD: patch-ad,v 1.1.2.2 2009/12/20 09:41:38 tron Exp $
+
+* Security fix:
+ http://www.typolight.org/news/items/major-security-hole-in-the-typolight-install-tool.html
+
+--- typolight/ftp.php.orig 2008-12-13 15:27:05.000000000 +0000
++++ typolight/ftp.php
+@@ -88,6 +88,9 @@ class FtpCheck extends Controller
+ */
+ if ($this->Input->post('FORM_SUBMIT') == 'tl_login')
+ {
++ $_SESSION['TL_INSTALL_AUTH'] = '';
++ $_SESSION['TL_INSTALL_EXPIRE'] = 0;
++
+ $password = sha1($this->Input->post('password', true));
+ 
+ if (strlen($password) && $password != 'da39a3ee5e6b4b0d3255bfef95601890afd80709')
+@@ -95,7 +98,10 @@ class FtpCheck extends Controller
+ // Set cookie
+ if ($password == $GLOBALS['TL_CONFIG']['installPassword'])
+ {
+- $this->setCookie('TL_INSTALL_AUTH', md5($this->Environment->ip.session_id()), (time()+300), $GLOBALS['TL_CONFIG']['websitePath']);
++ $_SESSION['TL_INSTALL_EXPIRE'] = (time() + 300);
++ $_SESSION['TL_INSTALL_AUTH'] = md5(uniqid('', true) . $this->Environment->ip . session_id());
++
++ $this->setCookie('TL_INSTALL_AUTH', $_SESSION['TL_INSTALL_AUTH'], $_SESSION['TL_INSTALL_EXPIRE'], $GLOBALS['TL_CONFIG']['websitePath']);
+ $this->Config->update("\$GLOBALS['TL_CONFIG']['installCount']", 0);
+ 
+ $this->reload();
+@@ -109,14 +115,20 @@ class FtpCheck extends Controller
+ }
+ 
+ // Check cookie
+- if (!$this->Input->cookie('TL_INSTALL_AUTH'))
++ if (!$this->Input->cookie('TL_INSTALL_AUTH') || $_SESSION['TL_INSTALL_AUTH'] == '' || $this->Input->cookie('TL_INSTALL_AUTH') != $_SESSION['TL_INSTALL_AUTH'] || $_SESSION['TL_INSTALL_EXPIRE'] < time())
+ {
+ $this->Template->login = true;
+ $this->outputAndExit();
+ }
+ 
+ // Renew cookie
+- $this->setCookie('TL_INSTALL_AUTH', md5($this->Environment->ip.session_id()), (time()+300), $GLOBALS['TL_CONFIG']['websitePath']);
++ else
++ {
++ $_SESSION['TL_INSTALL_EXPIRE'] = (time() + 300);
++ $_SESSION['TL_INSTALL_AUTH'] = md5(uniqid('', true) . $this->Environment->ip . session_id());
++
++ $this->setCookie('TL_INSTALL_AUTH', $_SESSION['TL_INSTALL_AUTH'], $_SESSION['TL_INSTALL_EXPIRE'], $GLOBALS['TL_CONFIG']['websitePath']);
++ }
+ 
+ 
+ /**
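Review bot: The new cookie check in the `@@ -109,14 +115,20 @@` hunk compares the user-supplied cookie against the session token with `!=`, a loose comparison; PHP's numeric-string juggling can make two distinct hex digests compare equal, so the token comparison should be strict, `$this->Input->cookie('TL_INSTALL_AUTH') !== $_SESSION['TL_INSTALL_AUTH']` (and `=== ''` for the empty-token test). That same condition reads `$_SESSION['TL_INSTALL_AUTH']` and `$_SESSION['TL_INSTALL_EXPIRE']` even though the hunks at `-88` and `-95` only assign them inside the `tl_login` post branch, so a request that has never logged in appears to hit undefined indexes — this fails closed (null reads as empty/expired) but emits notices, and wrapping both in `empty()` keeps the fail-closed behaviour without them. The token is derived from `uniqid('', true)`, which is time-based rather than cryptographically random; `openssl_random_pseudo_bytes()` would be the stronger source on PHP of this era, though the session-side copy already limits what a guessed value gains. The FtpCheck method these hunks modify begins and ends outside the patch.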