mbirth/LuckyCoinkydink
1
0
Fork 0
Code Issues Pull Requests Activity

* Fix SQL injection for comment.php used in read-context.

Browse Source 
(Thanks to High-Tech Bridge SA Security Release Lab, Advisory HTB23092)
This commit is contained in:
Garvin Hicking 2012-05-16 11:59:02 +02:00
parent d6c527e422
commit 7b552d2df9
2 changed files with 7 additions and 1 deletions

6
docs/NEWS

@ -69,6 +69,12 @@ Version 1.7 ()
that the baseURL is not overriden when configuring serendipity that the baseURL is not overriden when configuring serendipity
with a possibly autodetected currentl URL. Patch by Manko10. with a possibly autodetected currentl URL. Patch by Manko10.
Version 1.6.2 (May 16th, 2012)
------------------------------------------------------------------------
* Fix SQL injection for comment.php used in read-context.
(Thanks to High-Tech Bridge SA Security Release Lab, Advisory HTB23092)
Version 1.6.1 (May 8th, 2012) Version 1.6.1 (May 8th, 2012)
------------------------------------------------------------------------ ------------------------------------------------------------------------

2
include/functions_trackbacks.inc.php

@ -364,7 +364,7 @@ function add_trackback ($id, $title, $url, $name, $excerpt) {
if ($id>0) { if ($id>0) {
// first check, if we already have this pingback // first check, if we already have this pingback
$comments = serendipity_fetchComments($id,1,'co.id',true,'TRACKBACK'," AND co.url='$url'"); $comments = serendipity_fetchComments($id,1,'co.id',true,'TRACKBACK'," AND co.url='" . serendipity_db_escape_string($url) . "'");
if (is_array($comments) && sizeof($comments) == 1) { if (is_array($comments) && sizeof($comments) == 1) {
log_pingback("We already have that TRACKBACK!"); log_pingback("We already have that TRACKBACK!");
return 0; // We already have it! return 0; // We already have it!