From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
installer/test.php | 23 ++++++++++-------------
1 files changed, 10 insertions(+), 13 deletions(-)
diff --git a/installer/test.php b/installer/test.php
index b118924..340fe26 100644
--- a/installer/test.php
+++ b/installer/test.php
@@ -38,13 +38,13 @@
if (is_array($messages['missing'])) {
echo '<h3 class="warning">Missing config options</h3>';
- echo '<p class="hint">The following config options are not present in the current configuration.<br/>';
- echo 'Please check the default config files and add the missing properties to your local config files.</p>';
-
- echo '<ul class="configwarings">';
+ echo '<p class="hint">The following config options are not set (not present or empty) in the current configuration.<br/>';
+ echo 'Please check the default config files and set the missing properties in your local config files.</p>';
+
+ echo '<ul class="configwarnings">';
foreach ($messages['missing'] as $msg) {
echo html::tag('li', null, html::span('propname', $msg['prop']) . ($msg['name'] ? ': ' . $msg['name'] : ''));
- }
+ }
echo '</ul>';
}
@@ -164,11 +164,9 @@
}
else if ($db_working && $_POST['updatedb']) {
- if (!($success = $RCI->update_db($DB, $_POST['version']))) {
- $updatefile = INSTALL_PATH . 'SQL/' . (isset($RCI->db_map[$DB->db_provider]) ? $RCI->db_map[$DB->db_provider] : $DB->db_provider) . '.update.sql';
- echo '<p class="warning">Please manually execute the SQL statements from '.$updatefile.' on your database.<br/>';
- echo 'See comments in the file and execute queries below the comment with the currently installed version number.</p>';
- }
+ if (!($success = $RCI->update_db($_POST['version']))) {
+ echo '<p class="warning">Database schema update failed.</p>';
+ }
}
// test database
@@ -183,9 +181,8 @@
$RCI->fail('DB Schema', "Database schema differs");
echo '<ul style="margin:0"><li>' . join("</li>\n<li>", $err) . "</li></ul>";
$select = $RCI->versions_select(array('name' => 'version'));
- echo '<p class="suggestion">You should run the update queries to get the schmea fixed.<br/><br/>Version to update from: ' . $select->show() . ' <input type="submit" name="updatedb" value="Update" /></p>';
-// echo '<p class="warning">Please manually execute the SQL statements from '.$updatefile.' on your database.<br/>';
-// echo 'See comments in the file and execute queries that are superscribed with the currently installed version number.</p>';
+ $select->add('0.9 or newer', '');
+ echo '<p class="suggestion">You should run the update queries to get the schema fixed.<br/><br/>Version to update from: ' . $select->show() . ' <input type="submit" name="updatedb" value="Update" /></p>';
$db_working = false;
}
else {
--
Gitblit v1.9.1