prepare release 2.0.5
garvinhicking committed Nov 28, 2016
1 parent 55d0cc2 commit fbdd50a
Showing 4 changed files with 17 additions and 5 deletions.
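--- a/docs/NEWS
+++ b/docs/NEWS
@@ -1,3 +1,12 @@
+Version 2.0.5 (November 28th, 2016)
+------------------------------------------------------------------------
+
+* [Security] Improve preventing fetching local files, thanks to
+Xu Yue.
+
+* [Security] Prevent XSS in adding category and directory names,
+thanks to Edric Teo @smarterbitbybit.
+
 Version 2.0.4 (September 26th, 2016)
 ------------------------------------------------------------------------
 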
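--- a/include/admin/images.inc.php
+++ b/include/admin/images.inc.php
@@ -225,8 +225,11 @@
 } else {
 // Fetch file
 $fContent = $req->getResponseBody();
+$fUrl = $req->getEffectiveUrl();
 
-if ($serendipity['POST']['imageimporttype'] == 'hotlink') {
+if (!serendipity_url_allowed($fUrl)) {
+$messages[] = sprintf('<span class="msg_error"><span class="icon-attention-circled"></span> ' . REMOTE_FILE_INVALID . "</span>\n", $fUrl);
+} elseif ($serendipity['POST']['imageimporttype'] == 'hotlink') {
 $tempfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . '/hotlink_' . time();
 $fp = fopen($tempfile, 'w');
 fwrite($fp, $fContent);
@@ -473,7 +476,7 @@
 
 /* TODO: check if directory already exist */
 if (is_dir($nd) || @mkdir($nd)) {
-$data['print_DIRECTORY_CREATED'] = sprintf(DIRECTORY_CREATED, $serendipity['POST']['name']);
+$data['print_DIRECTORY_CREATED'] = sprintf(DIRECTORY_CREATED, $new_dir);
 @umask(0000);
 @chmod($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $new_dir, 0777);
 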
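Review bot: The allow-list check `if (!serendipity_url_allowed($fUrl))` is evaluated only after `$req->getResponseBody()` has already completed the transfer, so a URL that redirects to a disallowed destination has still been requested and its body received; the check merely stops the content from being stored as a hotlink or import. If the client behind `$req` follows redirects automatically (its setup is outside this hunk), an attacker-supplied URL can still make the server contact internal hosts, which is the SSRF class this release note says it mitigates. Validate the URL before the request is sent and on every hop, for example by disabling automatic redirects and running `serendipity_url_allowed()` on each `Location` target before re-issuing the request, keeping the post-fetch check on the effective URL as a second line of defence. The enclosing function begins and ends outside the hunk, and `serendipity_url_allowed` is not visible here, so whether it also rejects non-HTTP schemes and loopback/link-local addresses cannot be confirmed from this diff.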
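--- a/serendipity_config.inc.php
+++ b/serendipity_config.inc.php
@@ -47,7 +47,7 @@
 }
 
 // The version string
-$serendipity['version'] = '2.0.4';
+$serendipity['version'] = '2.0.5';
 
 
 // Setting this to 'false' will enable debugging output. All alpha/beta/cvs snapshot versions will emit debug information by default. To increase the debug level (to enable Smarty debugging), set this flag to 'debug'.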
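--- a/templates/2k11/admin/category.inc.tpl
+++ b/templates/2k11/admin/category.inc.tpl
@@ -54,7 +54,7 @@
 <div id="category_basics" class="clearfix">
 <div class="form_field">
 <label for="category_name">{$CONST.NAME}</label>
-<input id="category_name" pattern="{if $new}^(?!({foreach $categories as $cat}{$cat.category_name}|{/foreach})$).*{else}^(?!({foreach $categories as $cat}{if $this_cat.category_name != $cat.category_name}{$cat.category_name}{/if}|{/foreach})$).*{/if}" name="serendipity[cat][name]" type="text" value="{$this_cat.category_name|default:""|escape}" title="Categoryname">
+<input id="category_name" pattern="{if $new}^(?!({foreach $categories as $cat}{$cat.category_name|escape}|{/foreach})$).*{else}^(?!({foreach $categories as $cat}{if $this_cat.category_name != $cat.category_name}{$cat.category_name|escape}{/if}|{/foreach})$).*{/if}" name="serendipity[cat][name]" type="text" value="{$this_cat.category_name|default:""|escape}" title="{$CONST.CATEGORY}">
 </div>
 
 <div class="form_field">
@@ -74,7 +74,7 @@
 <option value="0"{if $cid == 0} selected{/if}>{$CONST.NO_CATEGORY}</option>
 {foreach $categories as $cat}
 {if $cat.categoryid == $cid}{continue}{/if}
-<option value="{$cat.categoryid}"{if $this_cat.parentid == $cat.categoryid} selected{/if}>{for $i=1 to $cat.depth}&nbsp{/for} {$cat.category_name}</option>
+<option value="{$cat.categoryid}"{if $this_cat.parentid == $cat.categoryid} selected{/if}>{for $i=1 to $cat.depth}&nbsp{/for} {$cat.category_name|escape}</option>
 {/foreach}
 </select>
 </div>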
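Review bot: `{$cat.category_name|escape}` inside the `pattern` attribute HTML-escapes the category name, which closes the attribute-injection vector, but the name is still interpolated into a regular expression unquoted, so a category containing regex metacharacters (`.`, `+`, `(`, `|`) either changes what the duplicate-name check matches or yields an invalid pattern that the browser silently ignores. Smarty has no built-in preg_quote modifier, so either register a small one and write `{$cat.category_name|regex_quote|escape}`, or drop the client-side pattern and rely on a server-side duplicate check; the `pattern` attribute is only a usability aid and should not be the sole guard against duplicate names in any case. The `|escape` added to the `<option>` text in the second hunk is correct as written.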

