Commits on Sep 16, 2009
  1. Update copyright year

    jonjensen committed Sep 16, 2009
  2. Don't ignore case of passed options to compile_link.

    compile_link was confusing the -s socketfile option with the new -S status
    because Getopt::Long ignores option case by default.  This fixes the problem by
    passing the no_ignore_case config parameter to Getopt::Long.
    pajamian committed with jonjensen Aug 15, 2009
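    The fix described in this commit, shown as an added Perl example (not compile_link's own code): a stand-in option parser that keeps -s and -S distinct. The function name, the hash keys and the sample socket path are assumptions for illustration.

```perl
use strict;
use warnings;
use Getopt::Long qw(GetOptionsFromArray);

# Hypothetical stand-in for compile_link's option handling. Under Getopt::Long's
# default ignore_case setting (and no bundling) the specs 's=s' and 'S' both
# collapse to the name 's': GetOptions warns "Duplicate specification" and one of
# the two options becomes unreachable, which is the confusion the commit fixes.
# no_ignore_case makes option names case-sensitive so -s and -S stay separate.
sub parse_link_options {
    my @args = @_;
    Getopt::Long::Configure('no_ignore_case');
    my %opt = (socketfile => undef, status => 0);
    GetOptionsFromArray(
        \@args,
        's=s' => \$opt{socketfile},   # -s /path/to/socket  (takes a value)
        'S'   => \$opt{status},       # -S                  (boolean flag)
    ) or die "unrecognised option\n";
    return \%opt;
}

# Constructed command line: both options present, so a collision would show.
my $o = parse_link_options('-s', '/var/run/interchange/socket', '-S');
print "socketfile=", ($o->{socketfile} // 'undef'), " status=$o->{status}\n";
```

    Calling Configure inside the function is deliberate: Getopt::Long's configuration is process-global, so a script that parses options in more than one place should set no_ignore_case immediately before each GetOptions call it needs it for.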
  3. Remove CVV2/CSC from default credit card encrypted block template

    The card security code should not be stored at all, even in encrypted
    form. This makes the default behavior compliant with section 3.2.2 of
    PCI-DSS 1.2:
    
    https://www.pcisecuritystandards.org/security_standards/download.html?id=pci_dss_v1-2.pdf
    
    It is of course still possible to manually supply a template that
    stores the card security code in violation of PCI-DSS requirements, so
    developers should review any custom credit card encryption templates
    to make sure that the CVV2 is not included, and purge it from any
    historical data they have stored.
    
    Thanks to Mark Lipscombe for calling attention to this.
    jonjensen committed Jun 19, 2009
  4. Fix two occasionally broken tests.

    Two tests of the [query] tag and built-in SQL parser relied on the results
    being returned in a particular order, even though SQL's result sets are not
    ordered by default.
    
    Fixed this by specifying a sort order and setting the results to match.
    jonjensen committed Nov 16, 2008
  5. Note latest commits

    pajamian committed Sep 16, 2009
  6. check whether directory is allowed before, not after path expansion

    (cherry picked from commit 4f17bcc)
    (cherry picked from commit 09fe58f)
    racke committed with pajamian Sep 8, 2009
  7. Fix bug that didn't tolerate relative TemplateDir settings

    (cherry picked from commit 45471c4)
    (cherry picked from commit e61f8eb)
    jonjensen committed with pajamian Sep 8, 2009
  8. Disallow abuse of writes via ErrorFile when NoAbsolute is set

    Exploit reported by Peter Ajamian.
    (cherry picked from commit 9b6872c)
    (cherry picked from commit 5dd0cf2)
    jonjensen committed with pajamian Sep 8, 2009
  9. parse_dir_array: Validate paths for NoAbsolute etc.

    (cherry picked from commit 08a1fde)
    (cherry picked from commit 5ec0f91)
    jonjensen committed with pajamian Sep 8, 2009
  10. parse_relative_dir: Use standard absolute_or_relative() check

    Use standard routines to check for absolute or subdirectory-escaping
    paths instead of duplicate logic here.
    
    Remove comment that's somewhat misleading since relative paths are
    absolutized all over in other routines too.
    (cherry picked from commit 7fcf352)
    (cherry picked from commit 21283ad)
    jonjensen committed with pajamian Sep 8, 2009
  11. Make sure catalog TemplateDir directives are safe when NoAbsolute is set

    (cherry picked from commit 239f9a3)
    jonjensen committed with pajamian Sep 8, 2009
  12. Set $Vend::Cat as early as possible

    This solves a chicken-and-egg problem for configuration-time code that
    works fine once the catalog is fully configured.
    (cherry picked from commit 74803e2)
    (cherry picked from commit 58cb83e)
    jonjensen committed with pajamian Sep 8, 2009
  13. Prevent TemplateDir from circumventing NoAbsolute constraints

    Problem reported by Peter Ajamian.
    (cherry picked from commit f265e8a)
    (cherry picked from commit 6d618a6)
    jonjensen committed with pajamian Sep 2, 2009
  14. Move AllowedFileRegex from catalog into global configuration

    This prevents catalog-level tampering with the regular expression used for
    checking that paths are allowed by NoAbsolute. It is now set at startup
    time, but before, as a catalog configuration entry, it could be manipulated
    even in Safe page code.
    
    Problem reported by Peter Ajamian.
    
    (cherry picked from commit f34ce1b)
    jonjensen committed with pajamian Sep 2, 2009
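    The path-handling rule that commits 6, 9, 10 and 13 above apply (reject absolute and subdirectory-escaping paths, and do so on the raw path before it is expanded), as an added Perl example. This is not Interchange's absolute_or_relative() or parse_dir_array; the function names, the catalog root and the sample paths are assumptions for illustration.

```perl
use strict;
use warnings;
use File::Spec;

# Hypothetical check modelled on the NoAbsolute rules described in the commits.
# Returns a reason string when $path must be rejected, or undef when it is safe.
# It inspects the path exactly as configured, before any expansion, so a later
# absolutisation step cannot hide what the caller actually asked for.
sub path_rejection_reason {
    my ($path) = @_;
    return 'empty path' unless defined $path && length $path;

    # Absolute paths are refused outright; File::Spec knows the platform rules.
    return 'absolute path' if File::Spec->file_name_is_absolute($path);

    # Any '..' component can climb out of the catalog directory, even one
    # buried in the middle of an otherwise harmless-looking relative path.
    for my $part (File::Spec->splitdir($path)) {
        return 'parent-directory component' if $part eq '..';
    }
    return undef;
}

# Expansion happens only after the raw path has passed the check. Checking the
# joined result instead would see every path as absolute and would have lost
# the information about whether the configured value tried to escape.
sub resolve_under_root {
    my ($root, $path) = @_;
    my $why = path_rejection_reason($path);
    die "refusing '$path': $why\n" if defined $why;
    return File::Spec->catfile($root, $path);
}

my $root = '/var/lib/interchange/catalogs/demo';   # assumed catalog root
# Constructed sample TemplateDir-style values, mixing safe and escaping ones.
for my $p ('templates', 'templates/../../../etc', '/etc', 'pages/../templates') {
    my $why = path_rejection_reason($p);
    printf "%-26s %s\n", $p,
        defined $why ? "REJECT ($why)" : 'ok -> ' . resolve_under_root($root, $p);
}
```

    Note that 'pages/../templates' is rejected even though it would resolve inside the catalog: the commits favour refusing any '..' over trying to reason about where a normalised path ends up, which is the simpler rule to get right.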
Commits on Sep 15, 2009
  1. Sync manifest

    jonjensen committed Sep 15, 2009
  2. Fix remote disclosure security vulnerability

    Add new configuration option AllowRemoteSearch to selectively re-enable
    remote searches on "safe" tables. Defaults to products, variants and
    options.
    
    Please see UPGRADE for important information on upgrading your catalogs
    to prevent any problems.
    Mark Lipscombe committed with jonjensen Jul 8, 2009
Commits on Jun 27, 2009
Commits on Mar 27, 2009
Commits on Nov 12, 2008
Commits on Jul 28, 2008
Commits on Jun 16, 2008
  1. * Fix deficiency in Levies, where multiple handling modes separated by null
       would not work as in the old subtotal calculation model.
    perusionmike committed Jun 16, 2008
Commits on Jun 5, 2008
Commits on Feb 25, 2008
Commits on Feb 6, 2008
  1. Fix misspelling.

    jonjensen committed Feb 6, 2008
  2. * Standard demo security bug fix.

    Kevin Walsh committed Feb 6, 2008
  3. * Fixed a security bug where an attacker could craft a URI that

       tricks Interchange into executing arbitrary Perl code.  The Perl
       code would be subject to the Safe constraints of course, but could
       still be devastating to the security of the target website.
    Kevin Walsh committed Feb 6, 2008
Commits on Aug 22, 2007
Commits on Jun 22, 2007
  1. removed code to build mod_interchange (Closes: #430097, thanks to Bastian Blank
     <waldi@debian.org> for the report)
    racke committed Jun 22, 2007