Commit 4fbd866a authored by Holger Just

Merge branch 'release-v1.5.5' into stable-1.x

parents b2bbc1cb 4b8cfa08
= ChiliProject changelog = ChiliProject changelog
== 2011-11-30 v1.5.5
* Bug #709: Redmine.pm potential security issue with cache credential enabled and subversion
== 2011-10-31 v1.5.4 == 2011-10-31 v1.5.4
* Bug #647: XSS: User input for images is not properly sanitized * Bug #647: XSS: User input for images is not properly sanitized
......
...@@ -438,10 +438,12 @@ sub is_member { ...@@ -438,10 +438,12 @@ sub is_member {
my $pass_digest = Digest::SHA1::sha1_hex($redmine_pass); my $pass_digest = Digest::SHA1::sha1_hex($redmine_pass);
my $access_mode = request_is_read_only($r) ? "R" : "W";
my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config); my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
my $usrprojpass; my $usrprojpass;
if ($cfg->{RedmineCacheCredsMax}) { if ($cfg->{RedmineCacheCredsMax}) {
$usrprojpass = $cfg->{RedmineCacheCreds}->get($redmine_user.":".$project_id); $usrprojpass = $cfg->{RedmineCacheCreds}->get($redmine_user.":".$project_id.":".$access_mode);
return 1 if (defined $usrprojpass and ($usrprojpass eq $pass_digest)); return 1 if (defined $usrprojpass and ($usrprojpass eq $pass_digest));
} }
my $query = $cfg->{RedmineQuery}; my $query = $cfg->{RedmineQuery};
...@@ -484,10 +486,10 @@ sub is_member { ...@@ -484,10 +486,10 @@ sub is_member {
if ($cfg->{RedmineCacheCredsMax} and $ret) { if ($cfg->{RedmineCacheCredsMax} and $ret) {
if (defined $usrprojpass) { if (defined $usrprojpass) {
$cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id, $pass_digest); $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
} else { } else {
if ($cfg->{RedmineCacheCredsCount} < $cfg->{RedmineCacheCredsMax}) { if ($cfg->{RedmineCacheCredsCount} < $cfg->{RedmineCacheCredsMax}) {
$cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id, $pass_digest); $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
$cfg->{RedmineCacheCredsCount}++; $cfg->{RedmineCacheCredsCount}++;
} else { } else {
$cfg->{RedmineCacheCreds}->clear(); $cfg->{RedmineCacheCreds}->clear();
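Review bot: The cache key `$redmine_user.":".$project_id.":".$access_mode` is now written out three times, once in the `get` of the first hunk and twice in the `set` calls of the second, and because the `return 1` on a cache hit is the only authorization decision on that path, the three copies must stay identical for the read/write separation to hold. I would build it once right after `$access_mode` is computed, `my $cache_key = join(":", $redmine_user, $project_id, $access_mode);`, pass `$cache_key` to all three calls, and put `# access mode is part of the key: a cached read-only grant must never satisfy a write request` above it. Separately, the only eviction visible in these lines is the `clear()` once RedmineCacheCredsCount reaches RedmineCacheCredsMax, so a revoked membership or a replaced password is presumably still honoured from the cache until then; that is worth a sentence in the RedmineCacheCredsMax documentation. is_member starts before the first hunk and continues past the second, so the count reset after `clear()` is not visible here.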
......
...@@ -4,7 +4,7 @@ module Redmine ...@@ -4,7 +4,7 @@ module Redmine
module VERSION #:nodoc: module VERSION #:nodoc:
MAJOR = 1 MAJOR = 1
MINOR = 5 MINOR = 5
PATCH = 4 PATCH = 5
TINY = PATCH # Redmine compat TINY = PATCH # Redmine compat
def self.revision def self.revision
......