#! /bin/sh /usr/share/dpatch/dpatch-run
## 015CVE-2009-2334.dpatch by Giuseppe Iuculano <giuseppe@iuculano.it>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fixed CVE-2008-6767: only the admin user may run the WordPress upgrade. (Closes: #531736)
@DPATCH@
diff -urNad wordpress~/wp-admin/upgrade.php wordpress/wp-admin/upgrade.php
--- wordpress~/wp-admin/upgrade.php 2009-08-14 21:50:58.000000000 +0200
+++ wordpress/wp-admin/upgrade.php 2009-08-14 21:51:50.000000000 +0200
@@ -5,6 +5,13 @@
timer_start();
require_once(ABSPATH . '/wp-admin/upgrade-functions.php');
+$user_id = (int) $user_id;
+
+$current_user = wp_get_current_user();
+$user_id = $current_user->ID;
+if ($user_id != 1)
+ wp_safe_redirect('../wp-login.php?upgrade');
+
$step = $_GET['step'];
if (!$step) $step = 0;
header( 'Content-Type: text/html; charset=utf-8' );
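Review bot: The guard at `if ($user_id != 1)` does not stop execution after `wp_safe_redirect('../wp-login.php?upgrade');` — nothing visible here halts the script, so a non-admin or unauthenticated request gets a Location header attached to the response but still falls through to the `$step` handling and the rest of upgrade.php; add `exit;` immediately after the redirect call and wrap both statements in braces. The line `$user_id = (int) $user_id;` is dead, since `$user_id` is unconditionally overwritten from `$current_user->ID` two lines later, and the variable it casts has no visible origin in this file. Tying the check to the literal user ID 1 assumes the first account is still the administrator; if this WordPress version provides `current_user_can()` at this point, a capability check such as `if ( ! current_user_can('manage_options') )` would express the intent more robustly — confirm it is usable this early in upgrade.php. The body of upgrade.php continues past the hunk.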
diff -urNad wordpress~/wp-login.php wordpress/wp-login.php
--- wordpress~/wp-login.php 2009-08-14 21:50:58.000000000 +0200
+++ wordpress/wp-login.php 2009-08-14 21:55:01.000000000 +0200
@@ -208,6 +208,8 @@
}
} else if ( $user_login || $user_pass ) {
$error = __('<strong>Error</strong>: The password field is empty.');
+ } else if ( isset($_GET['upgrade'])) {
+ $error = __('<strong>Error</strong>: Upgrade is needed, please log in with the admin account.');
}
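Review bot: The message added in the `isset($_GET['upgrade'])` branch tells the visitor to log in with "the admin account", but the upgrade.php guard in the previous hunk redirects every account except user ID 1, so an administrator with a different ID would be bounced back here with advice that cannot succeed; either make that guard capability-based or word the message to match, e.g. `$error = __('<strong>Error</strong>: Upgrade is needed, please log in with the primary administrator account (user ID 1).');`. The branch is also only reached when neither `$user_login` nor `$user_pass` was submitted, so the hint disappears after a failed attempt unless the login form preserves the `upgrade` query parameter, which is not visible in this hunk. The surrounding `if`/`else if` chain starts before the hunk.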
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">