From 32b3b1026de416c52a4a1b9d4dede1bb1673fd0c Mon Sep 17 00:00:00 2001 From: seek3r Date: Tue, 5 Dec 2000 09:06:04 +0000 Subject: [PATCH] cleaned up security issue and preped for doing a release needed by our users to close this security hole --- setup/sql/mysql_newtables.inc.php | 2 +- setup/sql/mysql_upgrade_beta.inc.php | 35 ++++++++++++++++------------ setup/sql/pgsql_newtables.inc.php | 2 +- setup/sql/pgsql_upgrade_beta.inc.php | 4 ++++ 4 files changed, 26 insertions(+), 17 deletions(-) diff --git a/setup/sql/mysql_newtables.inc.php b/setup/sql/mysql_newtables.inc.php index 52e7fd36fa..3f1456a891 100644 --- a/setup/sql/mysql_newtables.inc.php +++ b/setup/sql/mysql_newtables.inc.php @@ -291,7 +291,7 @@ )"; $db->query($sql); - $currentver = "0.9.7pre2"; + $currentver = "0.9.7"; $oldversion = $currentver; update_version_table(); ?> diff --git a/setup/sql/mysql_upgrade_beta.inc.php b/setup/sql/mysql_upgrade_beta.inc.php index 0bb6c8b86f..81946e0520 100644 --- a/setup/sql/mysql_upgrade_beta.inc.php +++ b/setup/sql/mysql_upgrade_beta.inc.php @@ -689,25 +689,30 @@ if ($currentver == "0.9.7pre2") { $db2 = $db; $sql = "ALTER TABLE calendar_entry CHANGE cal_duration cal_edatetime int(11)"; - $db->query($sql,__LINE__,__FILE__); - - $db->query("SELECT cal_id,cal_datetime,cal_owner,cal_edatetime,cal_mdatetime FROM calendar_entry ORDER BY cal_id",__LINE__,__FILE__); - if($db->num_rows()) { - while($db->next_record()) { - $db2->query("SELECT preference_value FROM preferences WHERE preference_name='tz_offset' AND preference_appname='common' AND preference_owner=".$db->f("cal_owner"),__LINE__,__FILE__); - $db2->next_record(); - $tz = $db2->f("preference_value"); - $cal_id = $db->f("cal_id"); - $datetime = $db->f("cal_datetime") - ((60 * 60) * $tz); - $mdatetime = $db->f("cal_mdatetime") - ((60 * 60) * $tz); - $edatetime = $datetime + (60 * $db->f("cal_edatetime")); - $db2->query("UPDATE calendar_entry SET cal_datetime=".$datetime.", cal_edatetime=".$edatetime.", cal_mdatetime=".$mdatetime." WHERE cal_id=".$cal_id,__LINE__,__FILE__); - } - } + $db->query($sql,__LINE__,__FILE__); + + $db->query("SELECT cal_id,cal_datetime,cal_owner,cal_edatetime,cal_mdatetime FROM calendar_entry ORDER BY cal_id",__LINE__,__FILE__); + if($db->num_rows()) { + while($db->next_record()) { + $db2->query("SELECT preference_value FROM preferences WHERE preference_name='tz_offset' AND preference_appname='common' AND preference_owner=".$db->f("cal_owner"),__LINE__,__FILE__); + $db2->next_record(); + $tz = $db2->f("preference_value"); + $cal_id = $db->f("cal_id"); + $datetime = $db->f("cal_datetime") - ((60 * 60) * $tz); + $mdatetime = $db->f("cal_mdatetime") - ((60 * 60) * $tz); + $edatetime = $datetime + (60 * $db->f("cal_edatetime")); + $db2->query("UPDATE calendar_entry SET cal_datetime=".$datetime.", cal_edatetime=".$edatetime.", cal_mdatetime=".$mdatetime." WHERE cal_id=".$cal_id,__LINE__,__FILE__); + } + } $currentver = "0.9.7pre3"; update_version_table(); } + if ($currentver == "0.9.7pre3") { + $currentver = "0.9.7"; + update_version_table(); + } + if ($oldversion != $currentver){ echo " \n"; echo " \n"; diff --git a/setup/sql/pgsql_newtables.inc.php b/setup/sql/pgsql_newtables.inc.php index 8a6cb222d4..9829ec1d22 100644 --- a/setup/sql/pgsql_newtables.inc.php +++ b/setup/sql/pgsql_newtables.inc.php @@ -262,7 +262,7 @@ )"; $db->query($sql); - $currentver = "0.9.7pre2"; + $currentver = "0.9.7"; $oldversion = $currentver; update_version_table(); ?> diff --git a/setup/sql/pgsql_upgrade_beta.inc.php b/setup/sql/pgsql_upgrade_beta.inc.php index 95fc934e33..0aca73351f 100644 --- a/setup/sql/pgsql_upgrade_beta.inc.php +++ b/setup/sql/pgsql_upgrade_beta.inc.php @@ -726,6 +726,10 @@ $currentver = "0.9.7pre3"; update_version_table(); } + if ($currentver == "0.9.7pre3") { + $currentver = "0.9.7"; + update_version_table(); + } if ($oldversion != $currentver){ echo " \n";