Skip to content

Commit 4fe8672

Browse files
committed
Clarified change log on php-gettext 1.0.12 update
1 parent b7250c7 commit 4fe8672

File tree

2 files changed

+116
-128
lines changed

2 files changed

+116
-128
lines changed

Diff for: ChangeLog

+3-16
Original file line numberDiff line numberDiff line change
@@ -3,22 +3,9 @@ Core:
33
* MK BI backend: Now prints an error message when trying to use it with
44
objects that are not aggregations.
55
* NDO MySQL backend: Filtering out legacy objects from DB (setting is_active filter)
6-
* FIX: A local exploitable security issue has been discovered in the php-gettext
7-
library which is used to make NagVis localizable on platforms which has no gettext
8-
support built into PHP.
9-
10-
A local user with privileges to create/modify the .mo files used by NagVis
11-
could modify a file in a way that it executes custom code with the privileges of
12-
the web server which is executing the NagVis code.
13-
14-
To more than 99% of NagVis installations (installed with the install.sh
15-
installer or OMD) this is no special threat because a user which is able to .mo
16-
files is able to modify the .php program files of NagVis. An attacker
17-
would rather modify the .php files directly instead of injecting it's code through
18-
the .mo files.
19-
20-
However, to fix this for most installations minor issue, we included php-gettext
21-
in version 1.0.12 with this release which fixes the issue.
6+
* FIX: Updated php-gettext to 1.0.12 and commented out unused code because it contains
7+
some exploitable PHP code which could be used to inject code using modified .mo files.
8+
However, NagVis has never used these functions, so was never affected by this issue.
229

2310
Frontend:
2411
* FIX: Fixed error in ad-hoc automaps (Network Topology in Check_MK) during state updates

Diff for: share/server/core/ext/php-gettext-1.0.12/gettext.php

+113-112
Original file line numberDiff line numberDiff line change
@@ -275,72 +275,73 @@ function translate($string) {
275275
* @access private
276276
* @return string sanitized plural form expression
277277
*/
278-
function sanitize_plural_expression($expr) {
279-
// Get rid of disallowed characters.
280-
$expr = preg_replace('@[^a-zA-Z0-9_:;\(\)\?\|\&=!<>+*/\%-]@', '', $expr);
281-
282-
// Add parenthesis for tertiary '?' operator.
283-
$expr .= ';';
284-
$res = '';
285-
$p = 0;
286-
for ($i = 0; $i < strlen($expr); $i++) {
287-
$ch = $expr[$i];
288-
switch ($ch) {
289-
case '?':
290-
$res .= ' ? (';
291-
$p++;
292-
break;
293-
case ':':
294-
$res .= ') : (';
295-
break;
296-
case ';':
297-
$res .= str_repeat( ')', $p) . ';';
298-
$p = 0;
299-
break;
300-
default:
301-
$res .= $ch;
302-
}
303-
}
304-
return $res;
305-
}
278+
//function sanitize_plural_expression($expr) {
279+
// // Get rid of disallowed characters.
280+
// $expr = preg_replace('@[^a-zA-Z0-9_:;\(\)\?\|\&=!<>+*/\%-]@', '', $expr);
281+
282+
// // Add parenthesis for tertiary '?' operator.
283+
// $expr .= ';';
284+
// $res = '';
285+
// $p = 0;
286+
// for ($i = 0; $i < strlen($expr); $i++) {
287+
// $ch = $expr[$i];
288+
// switch ($ch) {
289+
// case '?':
290+
// $res .= ' ? (';
291+
// $p++;
292+
// break;
293+
// case ':':
294+
// $res .= ') : (';
295+
// break;
296+
// case ';':
297+
// $res .= str_repeat( ')', $p) . ';';
298+
// $p = 0;
299+
// break;
300+
// default:
301+
// $res .= $ch;
302+
// }
303+
// }
304+
// return $res;
305+
//}
306306

307307
/**
308308
* Parse full PO header and extract only plural forms line.
309309
*
310310
* @access private
311311
* @return string verbatim plural form header field
312312
*/
313-
function extract_plural_forms_header_from_po_header($header) {
314-
if (preg_match("/(^|\n)plural-forms: ([^\n]*)\n/i", $header, $regs))
315-
$expr = $regs[2];
316-
else
317-
$expr = "nplurals=2; plural=n == 1 ? 0 : 1;";
318-
return $expr;
319-
}
313+
//function extract_plural_forms_header_from_po_header($header) {
314+
// if (preg_match("/(^|\n)plural-forms: ([^\n]*)\n/i", $header, $regs))
315+
// $expr = $regs[2];
316+
// else
317+
// $expr = "nplurals=2; plural=n == 1 ? 0 : 1;";
318+
// return $expr;
319+
//}
320320

321321
/**
322322
* Get possible plural forms from MO header
323323
*
324324
* @access private
325325
* @return string plural form header
326326
*/
327-
function get_plural_forms() {
328-
// lets assume message number 0 is header
329-
// this is true, right?
330-
$this->load_tables();
331-
332-
// cache header field for plural forms
333-
if (! is_string($this->pluralheader)) {
334-
if ($this->enable_cache) {
335-
$header = $this->cache_translations[""];
336-
} else {
337-
$header = $this->get_translation_string(0);
338-
}
339-
$expr = $this->extract_plural_forms_header_from_po_header($header);
340-
$this->pluralheader = $this->sanitize_plural_expression($expr);
341-
}
342-
return $this->pluralheader;
343-
}
327+
//function get_plural_forms() {
328+
// // lets assume message number 0 is header
329+
// // this is true, right?
330+
// $this->load_tables();
331+
332+
// // cache header field for plural forms
333+
// if (! is_string($this->pluralheader)) {
334+
// if ($this->enable_cache) {
335+
// $header = $this->cache_translations[""];
336+
// } else {
337+
// $header = $this->get_translation_string(0);
338+
// }
339+
// print($header);
340+
// $expr = $this->extract_plural_forms_header_from_po_header($header);
341+
// $this->pluralheader = $this->sanitize_plural_expression($expr);
342+
// }
343+
// return $this->pluralheader;
344+
//}
344345

345346
/**
346347
* Detects which plural form to take
@@ -349,23 +350,23 @@ function get_plural_forms() {
349350
* @param n count
350351
* @return int array index of the right plural form
351352
*/
352-
function select_string($n) {
353-
if (!is_int($n)) {
354-
throw new InvalidArgumentException(
355-
"Select_string only accepts integers: " . $n);
356-
}
357-
$string = $this->get_plural_forms();
358-
$string = str_replace('nplurals',"\$total",$string);
359-
$string = str_replace("n",$n,$string);
360-
$string = str_replace('plural',"\$plural",$string);
361-
362-
$total = 0;
363-
$plural = 0;
364-
365-
eval("$string");
366-
if ($plural >= $total) $plural = $total - 1;
367-
return $plural;
368-
}
353+
//function select_string($n) {
354+
// if (!is_int($n)) {
355+
// throw new InvalidArgumentException(
356+
// "Select_string only accepts integers: " . $n);
357+
// }
358+
// $string = $this->get_plural_forms();
359+
// $string = str_replace('nplurals',"\$total",$string);
360+
// $string = str_replace("n",$n,$string);
361+
// $string = str_replace('plural',"\$plural",$string);
362+
363+
// $total = 0;
364+
// $plural = 0;
365+
366+
// eval("$string");
367+
// if ($plural >= $total) $plural = $total - 1;
368+
// return $plural;
369+
//}
369370

370371
/**
371372
* Plural version of gettext
@@ -376,40 +377,40 @@ function select_string($n) {
376377
* @param string number
377378
* @return translated plural form
378379
*/
379-
function ngettext($single, $plural, $number) {
380-
if ($this->short_circuit) {
381-
if ($number != 1)
382-
return $plural;
383-
else
384-
return $single;
385-
}
386-
387-
// find out the appropriate form
388-
$select = $this->select_string($number);
389-
390-
// this should contains all strings separated by NULLs
391-
$key = $single . chr(0) . $plural;
392-
393-
394-
if ($this->enable_cache) {
395-
if (! array_key_exists($key, $this->cache_translations)) {
396-
return ($number != 1) ? $plural : $single;
397-
} else {
398-
$result = $this->cache_translations[$key];
399-
$list = explode(chr(0), $result);
400-
return $list[$select];
401-
}
402-
} else {
403-
$num = $this->find_string($key);
404-
if ($num == -1) {
405-
return ($number != 1) ? $plural : $single;
406-
} else {
407-
$result = $this->get_translation_string($num);
408-
$list = explode(chr(0), $result);
409-
return $list[$select];
410-
}
411-
}
412-
}
380+
//function ngettext($single, $plural, $number) {
381+
// if ($this->short_circuit) {
382+
// if ($number != 1)
383+
// return $plural;
384+
// else
385+
// return $single;
386+
// }
387+
388+
// // find out the appropriate form
389+
// $select = $this->select_string($number);
390+
391+
// // this should contains all strings separated by NULLs
392+
// $key = $single . chr(0) . $plural;
393+
394+
395+
// if ($this->enable_cache) {
396+
// if (! array_key_exists($key, $this->cache_translations)) {
397+
// return ($number != 1) ? $plural : $single;
398+
// } else {
399+
// $result = $this->cache_translations[$key];
400+
// $list = explode(chr(0), $result);
401+
// return $list[$select];
402+
// }
403+
// } else {
404+
// $num = $this->find_string($key);
405+
// if ($num == -1) {
406+
// return ($number != 1) ? $plural : $single;
407+
// } else {
408+
// $result = $this->get_translation_string($num);
409+
// $list = explode(chr(0), $result);
410+
// return $list[$select];
411+
// }
412+
// }
413+
//}
413414

414415
function pgettext($context, $msgid) {
415416
$key = $context . chr(4) . $msgid;
@@ -421,16 +422,16 @@ function pgettext($context, $msgid) {
421422
}
422423
}
423424

424-
function npgettext($context, $singular, $plural, $number) {
425-
$key = $context . chr(4) . $singular;
426-
$ret = $this->ngettext($key, $plural, $number);
427-
if (strpos($ret, "\004") !== FALSE) {
428-
return $singular;
429-
} else {
430-
return $ret;
431-
}
425+
//function npgettext($context, $singular, $plural, $number) {
426+
// $key = $context . chr(4) . $singular;
427+
// $ret = $this->ngettext($key, $plural, $number);
428+
// if (strpos($ret, "\004") !== FALSE) {
429+
// return $singular;
430+
// } else {
431+
// return $ret;
432+
// }
432433

433-
}
434+
//}
434435
}
435436

436437
?>

0 commit comments

Comments
 (0)