From fb36094eb176055f175e69bf9e6f11ff477cc11c Mon Sep 17 00:00:00 2001
From: Evan Prodromou
Date: Sun, 31 Jan 2010 22:55:07 -0500
Subject: [PATCH 1/4] buggy fetch for site owner
---
 classes/User.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/classes/User.php b/classes/User.php
index 022044aac1..4013fbc832 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -945,9 +945,9 @@ class User extends Memcached_DataObject
 $pr->orderBy('created');
- $pr->limit(0, 1);
+ $pr->limit(1);
- if ($pr->fetch($true)) {
+ if ($pr->find(true)) {
 $owner = User::staticGet('id', $pr->profile_id);
 } else {
 $owner = null;
From 5d2c0838997824b2f2b9105a1aa269b5a8b79f82 Mon Sep 17 00:00:00 2001
From: Evan Prodromou
Date: Sun, 31 Jan 2010 22:58:29 -0500
Subject: [PATCH 2/4] Add a script to clear the cache for a given key
Like showcache.php, clearcache.php clears the cache for a given key.
---
 scripts/clearcache.php | 70 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 scripts/clearcache.php
diff --git a/scripts/clearcache.php b/scripts/clearcache.php
new file mode 100644
index 0000000000..702c1e3d67
--- /dev/null
+++ b/scripts/clearcache.php
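Review bot: In the `classes/User.php` hunk at `@@ -945,9 +945,9 @@`, nothing records why `find(true)` replaces `fetch()`, and the old call failed silently by always taking the `$owner = null` branch. A one-line comment above the `if` would stop this from being "simplified" back, for example `// find(true) runs the query and loads the first row; fetch() on its own does not execute it`. The enclosing function starts and ends outside the hunk.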
@@ -0,0 +1,70 @@
+#!/usr/bin/env php
+.
+ */
+
+define('INSTALLDIR', realpath(dirname(__FILE__) . '/..'));
+
+$shortoptions = "t:c:v:k:";
+
+$helptext = <<
+clears the cached object based on the args
+
+ -t table Table to look up
+ -c column Column to look up, default "id"
+ -v value Value to look up
+ -k key Key to look up; other args are ignored
+
+ENDOFHELP;
+
+require_once INSTALLDIR.'/scripts/commandline.inc';
+
+$karg = get_option_value('k');
+
+if (!empty($karg)) {
+ $k = common_cache_key($karg);
+} else {
+ $table = get_option_value('t');
+ if (empty($table)) {
+ die("No table or key specified\n");
+ }
+ $column = get_option_value('c');
+ if (empty($column)) {
+ $column = 'id';
+ }
+ $value = get_option_value('v');
+
+ $k = Memcached_DataObject::cacheKey($table, $column, $value);
+}
+
+print "Clearing key '$k'...";
+
+$c = common_memcache();
+
+if (empty($c)) {
+ die("Can't initialize cache object!\n");
+}
+
+$result = $c->delete($k);
+
+if ($result) {
+ print "OK.\n";
+} else {
+ print "FAIL.\n";
+}
From f9cb1c32650ff755b79837594fabb20f64e0fe1f Mon Sep 17 00:00:00 2001
From: Evan Prodromou
Date: Mon, 1 Feb 2010 00:47:50 -0500
Subject: [PATCH 3/4] restructuring of User::registerNew() lost password munging
---
 classes/User.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/classes/User.php b/classes/User.php
index 4013fbc832..0ab816b57e 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -250,10 +250,6 @@ class User extends Memcached_DataObject
 $user->nickname = $nickname;
- if (!empty($password)) { // may not have a password for OpenID users
- $user->password = common_munge_password($password, $id);
- }
-
 // Users who respond to invite email have proven their ownership of that address
 if (!empty($code)) {
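Review bot: In `scripts/clearcache.php`, the `-t` branch never checks `$value`, so running with `-t` but no `-v` builds a key for an empty value and deletes that instead of stopping. Mirror the table check with `if (is_null($value)) { die("No value specified\n"); }`, assuming `get_option_value()` returns null for an absent option, which is not visible here. The script also ends with a success exit status when the delete fails, so add `exit(1);` after `print "FAIL.\n";` to let a calling shell script or cron job detect it.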
@@ -286,6 +282,9 @@ class User extends Memcached_DataObject
 $user->id = $id;
 $user->uri = common_user_uri($user);
+ if (!empty($password)) { // may not have a password for OpenID users
+ $user->password = common_munge_password($password, $id);
+ }
 $result = $user->insert();
From 57d8f22a3ae8aba882b7782cbc426e65cdb355f6 Mon Sep 17 00:00:00 2001
From: Evan Prodromou
Date: Mon, 1 Feb 2010 11:10:36 -0500
Subject: [PATCH 4/4] fix local file include vulnerability in doc.php
Conflicts: actions/doc.php
---
 actions/doc.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/actions/doc.php b/actions/doc.php
index 25d363472a..eaf4b7df2d 100644
--- a/actions/doc.php
+++ b/actions/doc.php
@@ -54,6 +54,9 @@ class DocAction extends Action
 parent::prepare($args);
 $this->title = $this->trimmed('title');
+ if (!preg_match('/^[a-zA-Z0-9_-]*$/', $this->title)) {
+ $this->title = 'help';
+ }
 $this->output = null;
 $this->loadDoc();
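Review bot: In the `@@ -286,6 +282,9 @@` hunk of `classes/User.php`, the munging only works because `$id` is assigned just above it, which is the ordering this commit restores, yet nothing in the code says so. Add a comment above the `if`, such as `// must stay after $id is assigned: the id is passed into the password hash`. The guard `!empty($password)` also treats the string `'0'` as no password, so `if (isset($password) && $password !== '') {` is a safer test unless validation outside the hunk already rejects such a value. A regression test that registers a user and then checks the stored password would keep the step from being dropped again in a later restructuring. `registerNew()` starts and ends outside the hunk.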
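Review bot: The new check in `actions/doc.php` uses `*` and a bare `$`, so an empty or missing `title` passes through unchanged and, in PCRE, `$` also matches just before a trailing newline. Using `if (!preg_match('/^[a-zA-Z0-9_-]+$/D', $this->title)) {` closes both gaps and sends those cases to `'help'` too; keep `*` and add only the `D` modifier if an empty title is meant to reach `loadDoc()`. `trimmed()` probably strips a trailing newline already, but a filter guarding what `loadDoc()` presumably turns into a file path should not depend on that. Logging rejected titles, rather than silently substituting, would make probing of this parameter visible to operators. The enclosing method continues outside the hunk.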