From 56ef9b96cf85ba4b1e5df37ac113143f102d3642 Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Thu, 19 Apr 2012 11:23:45 +0200
Subject: some more debug output in the indexer webbug
---
 lib/exe/indexer.php | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/lib/exe/indexer.php b/lib/exe/indexer.php
index 95e2af05b..738a29503 100644
--- a/lib/exe/indexer.php
+++ b/lib/exe/indexer.php
@@ -55,6 +55,8 @@ exit;
 function runTrimRecentChanges($media_changes = false) {
 global $conf;
+ echo "runTrimRecentChanges($media_changes): started".NL;
+
 $fn = ($media_changes ? $conf['media_changelog'] : $conf['changelog']);
 // Trim the Recent Changes
@@ -70,6 +72,7 @@ function runTrimRecentChanges($media_changes = false) {
 if (count($lines)<=$conf['recent']) {
 // nothing to trim
 io_unlock($fn);
+ echo "runTrimRecentChanges($media_changes): finished".NL;
 return false;
 }
@@ -91,6 +94,7 @@ function runTrimRecentChanges($media_changes = false) {
 // nothing to trim
 @unlink($fn.'_tmp');
 io_unlock($fn);
+ echo "runTrimRecentChanges($media_changes): finished".NL;
 return false;
 }
@@ -114,10 +118,12 @@ function runTrimRecentChanges($media_changes = false) {
 } else {
 io_unlock($fn);
 }
+ echo "runTrimRecentChanges($media_changes): finished".NL;
 return true;
 }
 // nothing done
+ echo "runTrimRecentChanges($media_changes): finished".NL;
 return false;
 }
@@ -160,11 +166,12 @@ function runSitemapper(){
 * @author Adrian Lang
 */
 function sendDigest() {
- echo 'sendDigest(): start'.NL;
+ echo 'sendDigest(): started'.NL;
 global $ID;
 global $conf;
 if (!$conf['subscribers']) {
- return;
+ echo 'sendDigest(): disabled'.NL;
+ return false;
 }
 $subscriptions = subscription_find($ID, array('style' => '(digest|list)', 'escaped' => true));
@@ -243,6 +250,8 @@ function sendDigest() {
 // restore current user info
 $USERINFO = $olduinfo;
 $_SERVER['REMOTE_USER'] = $olduser;
+ echo 'sendDigest(): finished'.NL;
+ return true;
 }
 /**
-- 
cgit v1.2.3
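Review bot: The trace lines added to runTrimRecentChanges interpolate the boolean `$media_changes` directly, so PHP prints `runTrimRecentChanges(): started` for the page changelog and `runTrimRecentChanges(1): started` for the media one, which is easy to misread in a debug log. Spell the mode out instead, e.g. `echo 'runTrimRecentChanges('.($media_changes ? 'media' : 'pages').'): started'.NL;`, and apply the same change to the four `finished` lines added in the hunks at -70, -91 and -114. The function body between those hunks is not shown, so it cannot be confirmed from here that every exit path prints the `finished` line.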
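Review bot: sendDigest() now returns `false` when subscriptions are disabled and `true` at its end (hunk at -243), but the docblock visible above the signature stops at `@author` and documents no return value; add `@return bool false when subscriptions are disabled, true after the run completes`. The body between the two hunks lies outside the diff, so any early `return;` remaining there would still yield null and skip the `sendDigest(): finished` line. It is worth confirming that callers do not compare the result strictly against a boolean.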
From ff71173477e54774b5571015d49d944f51cb8a26 Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Thu, 19 Apr 2012 11:26:46 +0200
Subject: escape target error message (SECURITY) FS#2487 FS#2488

The error message when a non-existant editor was tried to load wasn't escaped correctly, allowing to introduce arbitrary JavaScript to the output, leading to a XSS vulnerability. Note: the reported second XCRF vulnerability is the same bug, the xploit code simply uses JavaScript to extract a valid CSRF token from the site
---
 inc/html.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/inc/html.php b/inc/html.php
index b233e1d92..022cd792a 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -1436,7 +1436,7 @@ function html_edit_form($param) {
 global $TEXT;
 if ($param['target'] !== 'section') {
- msg('No editor for edit target ' . $param['target'] . ' found.', -1);
+ msg('No editor for edit target ' . hsc($param['target']) . ' found.', -1);
 }
 $attr = array('tabindex'=>'1');
-- 
cgit v1.2.3
From 2f85287ef7aafab72cec14c85c1ab4cd1d7facc9 Mon Sep 17 00:00:00 2001
From: Adrian Lang
Date: Thu, 19 Apr 2012 12:12:33 +0200
Subject: Release preparations
---
 doku.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doku.php b/doku.php
index e699c818b..97e594cb3 100644
--- a/doku.php
+++ b/doku.php
@@ -7,7 +7,7 @@
 */
 // update message version
-$updateVersion = 36;
+$updateVersion = 36.1;
 // xdebug_start_profiling();
-- 
cgit v1.2.3
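Review bot: Escaping `$param['target']` at this one call site fixes the reported output but leaves the underlying contract undocumented: the change implies that `msg()` renders its first argument as raw HTML, so any other caller that concatenates request-derived values into a message would carry the same exposure. Add a comment above the call, e.g. `// msg() emits its text as HTML; escape every value that originates from the request`, and review the remaining `msg(` calls for unescaped variables as a follow-up. The branch also falls through to `$attr = array('tabindex'=>'1');` after reporting the error rather than returning. html_edit_form's body continues outside the hunk, so whether rendering the default editor for an unknown target is intended cannot be judged from here.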