File: 016CVE-2009-2334.dpatch

package info (click to toggle)
wordpress 2.0.10-1etch6
links: PTS
area: main
in suites: etch
size: 3,040 kB
ctags: 7,377
sloc: php: 26,382; sh: 4,645; makefile: 23
file content (207 lines) | stat: -rw-r--r-- 7,715 bytes
#! /bin/sh /usr/share/dpatch/dpatch-run
## 016CVE-2009-2334.dpatch by Giuseppe Iuculano <giuseppe@iuculano.it>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fixed CVE-2009-2334: Added some CYA cap checks (Closes #536724)

@DPATCH@
diff -urNad wordpress~/wp-admin/edit-comments.php wordpress/wp-admin/edit-comments.php
--- wordpress~/wp-admin/edit-comments.php	2009-08-15 10:16:28.000000000 +0200
+++ wordpress/wp-admin/edit-comments.php	2009-08-15 10:46:12.000000000 +0200
@@ -1,6 +1,7 @@
 <?php
 require_once('admin.php');
-
+if ( !current_user_can('edit_posts') )
+	wp_die(__('Cheatin&#8217; uh?'));
 $title = __('Edit Comments');
 $parent_file = 'edit.php';
 $list_js = true;
diff -urNad wordpress~/wp-admin/edit-pages.php wordpress/wp-admin/edit-pages.php
--- wordpress~/wp-admin/edit-pages.php	2009-08-15 10:16:28.000000000 +0200
+++ wordpress/wp-admin/edit-pages.php	2009-08-15 10:47:10.000000000 +0200
@@ -1,5 +1,7 @@
 <?php
 require_once('admin.php');
+if ( !current_user_can('edit_pages') )
+	wp_die(__('Cheatin&#8217; uh?'));
 $title = __('Pages');
 $parent_file = 'edit.php';
 $list_js = true;
diff -urNad wordpress~/wp-admin/edit.php wordpress/wp-admin/edit.php
--- wordpress~/wp-admin/edit.php	2009-08-15 10:16:28.000000000 +0200
+++ wordpress/wp-admin/edit.php	2009-08-15 10:46:37.000000000 +0200
@@ -1,6 +1,7 @@
 <?php
 require_once('admin.php');
-
+if ( !current_user_can('edit_posts') )
+	wp_die(__('Cheatin&#8217; uh?'));
 $title = __('Posts');
 $parent_file = 'edit.php';
 $list_js = true;
diff -urNad wordpress~/wp-admin/import.php wordpress/wp-admin/import.php
--- wordpress~/wp-admin/import.php	2009-08-15 10:16:28.000000000 +0200
+++ wordpress/wp-admin/import.php	2009-08-15 10:43:37.000000000 +0200
@@ -1,5 +1,7 @@
 <?php
 require_once ('admin.php');
+if ( !current_user_can('edit_files') )
+	wp_die(__('You do not have sufficient permissions to import content in this blog.'));
 $title = __('Import');
 $parent_file = 'import.php';
 require_once ('admin-header.php');
diff -urNad wordpress~/wp-admin/link-add.php wordpress/wp-admin/link-add.php
--- wordpress~/wp-admin/link-add.php	2009-08-15 10:16:28.000000000 +0200
+++ wordpress/wp-admin/link-add.php	2009-08-15 10:43:02.000000000 +0200
@@ -1,6 +1,9 @@
 <?php
 require_once('admin.php');
 
+if ( !current_user_can('manage_categories') )
+	wp_die(__('You do not have sufficient permissions to edit categories for this blog.'));
+
 $title = __('Add Link');
 $this_file = 'link-manager.php';
 $parent_file = 'link-manager.php';
diff -urNad wordpress~/wp-admin/options-discussion.php wordpress/wp-admin/options-discussion.php
--- wordpress~/wp-admin/options-discussion.php	2009-08-15 10:16:28.000000000 +0200
+++ wordpress/wp-admin/options-discussion.php	2009-08-15 10:29:19.000000000 +0200
@@ -6,6 +6,9 @@
 
 include('admin-header.php');
 
+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 if ($action == 'retrospam') {
 	if ( $_GET['move'] == 'true' ) {
 		retrospam_mgr::move_spam( $_GET[ids] );
diff -urNad wordpress~/wp-admin/options-general.php wordpress/wp-admin/options-general.php
--- wordpress~/wp-admin/options-general.php	2009-08-15 10:16:28.000000000 +0200
+++ wordpress/wp-admin/options-general.php	2009-08-15 10:28:39.000000000 +0200
@@ -4,7 +4,11 @@
 $title = __('General Options');
 $parent_file = 'options-general.php';
 
+
 include('./admin-header.php');
+
+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 ?>
  
 <div class="wrap">
@@ -108,4 +112,4 @@
 
 </div> 
 
-<?php include('./admin-footer.php') ?>
\ No newline at end of file
+<?php include('./admin-footer.php') ?>
diff -urNad wordpress~/wp-admin/options-misc.php wordpress/wp-admin/options-misc.php
--- wordpress~/wp-admin/options-misc.php	2009-08-15 10:16:28.000000000 +0200
+++ wordpress/wp-admin/options-misc.php	2009-08-15 10:28:15.000000000 +0200
@@ -6,6 +6,8 @@
 
 include('admin-header.php');
 
+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 ?>
  
 <div class="wrap"> 
@@ -48,4 +50,4 @@
 </form> 
 </div>
 
-<?php include('./admin-footer.php'); ?>
\ No newline at end of file
+<?php include('./admin-footer.php'); ?>
diff -urNad wordpress~/wp-admin/options-permalink.php wordpress/wp-admin/options-permalink.php
--- wordpress~/wp-admin/options-permalink.php	2009-08-15 10:16:28.000000000 +0200
+++ wordpress/wp-admin/options-permalink.php	2009-08-15 10:34:10.000000000 +0200
@@ -1,6 +1,9 @@
 <?php
 require_once('admin.php');
 
+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 $title = __('Permalink Options');
 $parent_file = 'options-general.php';
 
diff -urNad wordpress~/wp-admin/options-reading.php wordpress/wp-admin/options-reading.php
--- wordpress~/wp-admin/options-reading.php	2009-08-15 10:16:28.000000000 +0200
+++ wordpress/wp-admin/options-reading.php	2009-08-15 10:33:30.000000000 +0200
@@ -1,6 +1,8 @@
 <?php
 require_once('admin.php');
 
+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 $title = __('Reading Options');
 $parent_file = 'options-general.php';
 
@@ -62,4 +64,4 @@
 </p> 
 </form> 
 </div> 
-<?php include('./admin-footer.php'); ?>
\ No newline at end of file
+<?php include('./admin-footer.php'); ?>
diff -urNad wordpress~/wp-admin/options-writing.php wordpress/wp-admin/options-writing.php
--- wordpress~/wp-admin/options-writing.php	2009-08-15 10:16:28.000000000 +0200
+++ wordpress/wp-admin/options-writing.php	2009-08-15 10:36:23.000000000 +0200
@@ -1,6 +1,9 @@
 <?php
 require_once('admin.php');
 
+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 $title = __('Writing Options');
 $parent_file = 'options-general.php';
 
@@ -97,4 +100,4 @@
 </form> 
 </div> 
 
-<?php include('./admin-footer.php') ?>
\ No newline at end of file
+<?php include('./admin-footer.php') ?>
diff -urNad wordpress~/wp-admin/plugins.php wordpress/wp-admin/plugins.php
--- wordpress~/wp-admin/plugins.php	2009-08-15 10:16:28.000000000 +0200
+++ wordpress/wp-admin/plugins.php	2009-08-15 10:31:18.000000000 +0200
@@ -1,5 +1,7 @@
 <?php
 require_once('admin.php');
+if ( ! current_user_can('activate_plugins') )
+	wp_die(__('You do not have sufficient permissions to manage plugins for this blog.'));
 
 if ( isset($_GET['action']) ) {
 	if ('activate' == $_GET['action']) {
diff -urNad wordpress~/wp-admin/themes.php wordpress/wp-admin/themes.php
--- wordpress~/wp-admin/themes.php	2009-08-15 10:16:28.000000000 +0200
+++ wordpress/wp-admin/themes.php	2009-08-15 10:37:23.000000000 +0200
@@ -1,6 +1,9 @@
 <?php
 require_once('admin.php');
 
+if ( !current_user_can('switch_themes') )
+	wp_die( __( 'Cheatin&#8217; uh?' ) );
+
 if ( isset($_GET['action']) ) {
 	check_admin_referer('switch-theme_' . $_GET['template']);
 	
diff -urNad wordpress~/wp-includes/vars.php wordpress/wp-includes/vars.php
--- wordpress~/wp-includes/vars.php	2009-08-15 10:23:07.000000000 +0200
+++ wordpress/wp-includes/vars.php	2009-08-15 10:25:52.000000000 +0200
@@ -5,6 +5,7 @@
 	// wp-admin pages are checked more carefully
 	preg_match('#/wp-admin/?(.*?)$#i', $PHP_SELF, $self_matches);
 	$pagenow = $self_matches[1];
+	$pagenow = trim($pagenow, '/');
 	$pagenow = preg_replace('#\?.*?$#', '', $pagenow);
 	if ( '' === $pagenow || 'index' === $pagenow || 'index.php' === $pagenow ) {
 		$pagenow = 'index.php';