CRITICAL: Implement security fixes from latest release of php-xmlrpc
parent
0589aacb9e
commit
ff4a0d24cc
@ -46,7 +46,7 @@
|
|||||||
var $resp_struct = array();
|
var $resp_struct = array();
|
||||||
var $debug = False;
|
var $debug = False;
|
||||||
var $method_requested;
|
var $method_requested;
|
||||||
var $log = False; //'/tmp/xmlrpc.log';
|
var $log = '/tmp/xmlrpc.log';
|
||||||
|
|
||||||
function xmlrpc_server($dispMap='', $serviceNow=0)
|
function xmlrpc_server($dispMap='', $serviceNow=0)
|
||||||
{
|
{
|
||||||
@ -291,11 +291,16 @@
|
|||||||
$plist = '';
|
$plist = '';
|
||||||
for($i=0; $i<sizeof($GLOBALS['_xh'][$parser]['params']); $i++)
|
for($i=0; $i<sizeof($GLOBALS['_xh'][$parser]['params']); $i++)
|
||||||
{
|
{
|
||||||
//print "<!-- " . $GLOBALS['_xh'][$parser]['params'][$i]. "-->\n";
|
// print "<!-- " . $GLOBALS['_xh'][$parser]['params'][$i]. "-->\n");
|
||||||
$plist .= "$i - " . $GLOBALS['_xh'][$parser]['params'][$i]. " \n";
|
$plist .= "$i - " . $GLOBALS['_xh'][$parser]['params'][$i]. " \n";
|
||||||
$code = '$m->addParam(' . $GLOBALS['_xh'][$parser]['params'][$i] . ');';
|
$code = '$m->addParam(' . $GLOBALS['_xh'][$parser]['params'][$i] . ');';
|
||||||
$code = str_replace(',,',",'',",$code);
|
$code = str_replace(',,',",'',",$code);
|
||||||
eval($code);
|
$allok = 0;
|
||||||
|
@eval($code . '; $allok = 1;');
|
||||||
|
if(!$allok)
|
||||||
|
{
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
// uncomment this to really see what the server's getting!
|
// uncomment this to really see what the server's getting!
|
||||||
// xmlrpc_debugmsg($plist);
|
// xmlrpc_debugmsg($plist);
|
||||||
@ -380,7 +385,12 @@
|
|||||||
{
|
{
|
||||||
$code = '$r=' . $dmap[$methName]['function'] . '($this, $m);';
|
$code = '$r=' . $dmap[$methName]['function'] . '($this, $m);';
|
||||||
$code = str_replace(',,',",'',",$code);
|
$code = str_replace(',,',",'',",$code);
|
||||||
eval($code);
|
$allok = 0;
|
||||||
|
@eval($code . '; $allok = 1;');
|
||||||
|
if(!$allok)
|
||||||
|
{
|
||||||
|
return CreateObject('phpgwapi.xmlrpcresp','', $GLOBALS['xmlrpcerr']['invalid_return'], $GLOBALS['xmlrpcstr']['invalid_return']);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -388,16 +398,26 @@
|
|||||||
{
|
{
|
||||||
$code = '$r =' . $dmap[$methName]['function'] . '($m);';
|
$code = '$r =' . $dmap[$methName]['function'] . '($m);';
|
||||||
$code = str_replace(',,',",'',",$code);
|
$code = str_replace(',,',",'',",$code);
|
||||||
eval($code);
|
$allok = 0;
|
||||||
|
@eval($code . '; $allok = 1;');
|
||||||
|
if(!$allok)
|
||||||
|
{
|
||||||
|
return CreateObject('phpgwapi.xmlrpcresp','', $GLOBALS['xmlrpcerr']['invalid_return'], $GLOBALS['xmlrpcstr']['invalid_return']);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* phpgw mod - finally, execute the function call and return the values */
|
/* phpgw mod - finally, execute the function call and return the values */
|
||||||
$params = $GLOBALS['_xh'][$parser]['params'][0];
|
$params = $GLOBALS['_xh'][$parser]['params'][0];
|
||||||
$code = '$p = ' . $params . ';';
|
$code = '$p = ' . $params . ';';
|
||||||
if (count($params) != 0)
|
if(count($params) != 0)
|
||||||
{
|
{
|
||||||
eval($code);
|
$allok = 0;
|
||||||
|
@eval($code . '; $allok = 1;');
|
||||||
|
if(!$allok)
|
||||||
|
{
|
||||||
|
return CreateObject('phpgwapi.xmlrpcresp','', $GLOBALS['xmlrpcerr']['invalid_return'], $GLOBALS['xmlrpcstr']['invalid_return']);
|
||||||
|
}
|
||||||
$params = $p->getval();
|
$params = $p->getval();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -420,7 +440,7 @@
|
|||||||
//$r = CreateObject('phpgwapi.xmlrpcresp',CreateObject('phpgwapi.xmlrpcval',$this->resp_struct,'struct'));
|
//$r = CreateObject('phpgwapi.xmlrpcresp',CreateObject('phpgwapi.xmlrpcval',$this->resp_struct,'struct'));
|
||||||
// this fixes the unnecessary (and not standard-conform) array/xmlrpc struct around everything
|
// this fixes the unnecessary (and not standard-conform) array/xmlrpc struct around everything
|
||||||
$r = CreateObject('phpgwapi.xmlrpcresp',$this->build_resp($res,True));
|
$r = CreateObject('phpgwapi.xmlrpcresp',$this->build_resp($res,True));
|
||||||
/* _debug_array($r); */
|
// _debug_array($r);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
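Review bot: In the parameter loop of the `@ -291` hunk a failed `@eval` only does `break;`, so `$m` keeps the params added before the bad one and the request goes on to dispatch with a silently truncated argument list; the code after the loop is outside the hunk and cannot tell this happened. The other hunks return a fault in the same situation, and this one should do the same, e.g. replace `break;` with `return CreateObject('phpgwapi.xmlrpcresp','', $GLOBALS['xmlrpcerr']['invalid_return'], $GLOBALS['xmlrpcstr']['invalid_return']);` or set a flag the caller checks. Note that `$allok` only catches code that fails to parse: `$code` is still assembled from parser-derived strings and eval'd, so a syntactically valid injected payload still executes, and a comment stating that limitation belongs next to each `@eval`. Separately, the new side of the `@ -46` hunk appears to set `var $log = '/tmp/xmlrpc.log';` where the old side had logging disabled; if that reading is right, every request body, credentials included, is written to a predictable world-accessible path and this should be reverted to `var $log = False;` before release. All of these hunks cut through function bodies that continue outside the visible lines.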
@ -221,16 +221,24 @@
|
|||||||
{
|
{
|
||||||
$code = '$v=' . $GLOBALS['_xh'][$parser]['st'] . '; $allOK=1;';
|
$code = '$v=' . $GLOBALS['_xh'][$parser]['st'] . '; $allOK=1;';
|
||||||
$code = str_replace(',,',",'',",$code);
|
$code = str_replace(',,',",'',",$code);
|
||||||
eval($code);
|
$allok = 0;
|
||||||
if ($GLOBALS['_xh'][$parser]['isf'])
|
@eval($code);
|
||||||
|
if(!$allok)
|
||||||
{
|
{
|
||||||
$f = $v->structmem('faultCode');
|
$r = CreateObject('phpgwapi.xmlrpcresp','', $GLOBALS['xmlrpcerr']['invalid_return'], $GLOBALS['xmlrpcstr']['invalid_return']);
|
||||||
$fs = $v->structmem('faultString');
|
|
||||||
$r = CreateObject('phpgwapi.xmlrpcresp',$v, $f->scalarval(), $fs->scalarval());
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$r = CreateObject('phpgwapi.xmlrpcresp',$v);
|
if ($GLOBALS['_xh'][$parser]['isf'])
|
||||||
|
{
|
||||||
|
$f = $v->structmem('faultCode');
|
||||||
|
$fs = $v->structmem('faultString');
|
||||||
|
$r = CreateObject('phpgwapi.xmlrpcresp',$v, $f->scalarval(), $fs->scalarval());
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$r = CreateObject('phpgwapi.xmlrpcresp',$v);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$r->hdrs = $GLOBALS['_xh'][$parser]['ha']; //split("\r?\n", $GLOBALS['_xh'][$parser]['ha'][1]);
|
$r->hdrs = $GLOBALS['_xh'][$parser]['ha']; //split("\r?\n", $GLOBALS['_xh'][$parser]['ha'][1]);
|
||||||
|
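Review bot: The success flag in this hunk is never set: the eval'd string (context line `$code = '$v=' ... '; $allOK=1;'`) assigns `$allOK`, but the new code initialises and tests `$allok`, and PHP variable names are case-sensitive, so `if(!$allok)` is always true and every correctly parsed response is turned into an invalid_return fault. Either change the test to `if(!$allOK)` and the initialiser to `$allOK = 0;`, or drop the flag from `$code` and append it the way the server hunks do: `@eval($code . '; $allok = 1;');`. As in the server file, `@eval` on `$GLOBALS['_xh'][$parser]['st']` only detects unparsable input, not injected but valid PHP, so a comment such as `// NOTE: @eval only catches parse errors; st is still built from untrusted XML` is warranted. The enclosing function starts and ends outside the hunk.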
@ -189,7 +189,7 @@
|
|||||||
$GLOBALS['_xh'][$parser]['qt']=0;
|
$GLOBALS['_xh'][$parser]['qt']=0;
|
||||||
break;
|
break;
|
||||||
case 'NAME':
|
case 'NAME':
|
||||||
$GLOBALS['_xh'][$parser]['st'] .= "'";
|
$GLOBALS['_xh'][$parser]['st'] .= '"';
|
||||||
$GLOBALS['_xh'][$parser]['ac'] = '';
|
$GLOBALS['_xh'][$parser]['ac'] = '';
|
||||||
break;
|
break;
|
||||||
case 'FAULT':
|
case 'FAULT':
|
||||||
@ -265,7 +265,7 @@
|
|||||||
$GLOBALS['_xh'][$parser]['cm']--;
|
$GLOBALS['_xh'][$parser]['cm']--;
|
||||||
break;
|
break;
|
||||||
case 'NAME':
|
case 'NAME':
|
||||||
$GLOBALS['_xh'][$parser]['st'].= $GLOBALS['_xh'][$parser]['ac'] . "' => ";
|
$GLOBALS['_xh'][$parser]['st'].= $GLOBALS['_xh'][$parser]['ac'] . '" => ';
|
||||||
break;
|
break;
|
||||||
case 'BOOLEAN':
|
case 'BOOLEAN':
|
||||||
// special case here: we translate boolean 1 or 0 into PHP
|
// special case here: we translate boolean 1 or 0 into PHP
|
||||||
@ -293,7 +293,7 @@
|
|||||||
}
|
}
|
||||||
elseif ($GLOBALS['_xh'][$parser]['qt']==2)
|
elseif ($GLOBALS['_xh'][$parser]['qt']==2)
|
||||||
{
|
{
|
||||||
$GLOBALS['_xh'][$parser]['st'].="base64_decode('". $GLOBALS['_xh'][$parser]['ac'] . "')";
|
$GLOBALS['_xh'][$parser]['st'].= 'base64_decode("' . $GLOBALS['_xh'][$parser]['ac'] . '")';
|
||||||
}
|
}
|
||||||
elseif ($name=='BOOLEAN')
|
elseif ($name=='BOOLEAN')
|
||||||
{
|
{
|
||||||
|
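Review bot: All three hunks switch the quoting of parser-accumulated text (`'ac'`) from single to double quotes inside `'st'`, which the other hunks on this commit show is later passed to `eval`; double-quoted PHP strings interpolate `$var` and `{$expr}` and process backslash escapes, so a `<name>` or base64 payload containing `"`, `$` or `\` now has more, not fewer, ways to break out of the literal or be mangled unless `ac` is escaped before these lines (nothing in the hunks does so). If the escaping happens elsewhere, say so at each site, e.g. `// 'ac' is escaped for a double-quoted literal in the character handler`; otherwise keep single quotes and escape the two characters that matter, `$GLOBALS['_xh'][$parser]['st'] .= "'" . str_replace(array('\\', "'"), array('\\\\', "\\'"), $GLOBALS['_xh'][$parser]['ac']) . "' => ";`, and for the base64 case reject anything outside the base64 alphabet before embedding it. The switch statements these cases belong to start and end outside the hunks.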