[phpBB] svn: r608 - trunk/phpbb3

taffit at wolffelaar.nl taffit at wolffelaar.nl
Mon Mar 7 04:06:04 CET 2011


Author: taffit
Date: 2011-03-07 04:06:03 +0100 (Mon, 07 Mar 2011)
New Revision: 608

Modified:
   trunk/phpbb3/changelog
   trunk/phpbb3/dbapps-lib
Log:
Enforce run_sql for localhost (closes: #613060)

Enforce run_sql call to mysql with "-h localhost" when $dbc_dbserver is
empty.

Modified: trunk/phpbb3/changelog
===================================================================
--- trunk/phpbb3/changelog	2011-03-06 23:34:29 UTC (rev 607)
+++ trunk/phpbb3/changelog	2011-03-07 03:06:03 UTC (rev 608)
@@ -2,14 +2,16 @@
 
   [ David Prévot ]
   * Fix broken cache, thanks to Nicolas Schodet (actually closes: #599480).
-  * Fix cross site scripting vulnerability (closes: 612477) [CVE-2011-0544].
+  * Fix cross site scripting vulnerability (closes: #612477) [CVE-2011-0544].
+  * Enforce run_sql with "-h localhost" when $dbc_dbserver is empty
+    (closes: #613060).
 
   [ Jean-Marc Roth ]
   * Fix postgres failure when postgres server is remote (closes: #612441). 
   * Don't be too rude on trying to uninstall when unsupported webserver is 
     used (closes: #597373). 
 
- -- Jean-Marc Roth <jmroth at iip.lu>  Sun, 06 Mar 2011 16:29:14 -0400
+ -- Jean-Marc Roth <jmroth at iip.lu>  Sun, 06 Mar 2011 22:35:33 -0400
 
 phpbb3 (3.0.7-PL1-4) unstable; urgency=high
 

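Review bot: the added "Enforce run_sql" bullet records the mechanism ("-h localhost" when $dbc_dbserver is empty) but not the behaviour it corrects, so the entry cannot be understood without opening #613060. A short clause saying what run_sql does wrong when no host is passed would make the changelog entry self-contained.
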
Modified: trunk/phpbb3/dbapps-lib
===================================================================
--- trunk/phpbb3/dbapps-lib	2011-03-06 23:34:29 UTC (rev 607)
+++ trunk/phpbb3/dbapps-lib	2011-03-07 03:06:03 UTC (rev 608)
@@ -14,7 +14,7 @@
     ERR=
     case $dbc_dbtype in
         mysql )
-            echo $sql | mysql ${dbc_dbserver:+-h $dbc_dbserver} ${dbc_dbport:+--port $dbc_dbport} -u $dbc_dbuser -p$dbc_dbpass $dbc_dbname -s || run_sql_fail $dbc_dbtype
+            echo $sql | mysql ${dbc_dbserver:+-h $dbc_dbserver} ${dbc_dbserver:--h localhost} ${dbc_dbport:+--port $dbc_dbport} -u $dbc_dbuser -p$dbc_dbpass $dbc_dbname -s || run_sql_fail $dbc_dbtype
             ;;
         pgsql )
             if [ -z "${dbc_dbserver}" ]; then
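
Review bot: on the changed mysql line, `${dbc_dbserver:--h localhost}` expands to the value of $dbc_dbserver itself whenever that variable is non-empty, so with a server configured mysql gets `-h <server>` from the first expansion and then the server name a second time as a bare positional argument, ahead of $dbc_dbname. Only the empty case behaves as the log message describes. A single expansion covers both cases and avoids the stray argument: replace the two expansions with `-h "${dbc_dbserver:-localhost}"`. While this line is being touched, `$sql` and the other variables are still expanded unquoted, and `-p$dbc_dbpass` puts the database password on the command line, where it is visible in the process list; both are worth a follow-up.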




