#! /bin/sh /usr/share/dpatch/dpatch-run
## 017CVE-2008-5113.dpatch by Giuseppe Iuculano <giuseppe@iuculano.it>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fixed CVE-2008-5113: Force REQUEST to be GET + POST. If SERVER, COOKIE, or ENV are needed, use those superglobals directly. (Closes: #504771)
@DPATCH@
diff -urNad wordpress~/wp-settings.php wordpress/wp-settings.php
--- wordpress~/wp-settings.php 2009-08-15 16:00:19.000000000 +0200
+++ wordpress/wp-settings.php 2009-08-15 16:17:25.000000000 +0200
@@ -22,6 +22,9 @@
unset( $wp_filter, $cache_userdata, $cache_lastcommentmodified, $cache_lastpostdate, $cache_settings, $category_cache, $cache_categories );
+// Force REQUEST to be GET + POST. If SERVER, COOKIE, or ENV are needed, use those superglobals directly.
+$_REQUEST = array_merge($_GET, $_POST);
+
if ( ! isset($blog_id) )
$blog_id = 1;
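Review bot: The added `$_REQUEST = array_merge($_GET, $_POST);` runs near the top of wp-settings.php, so it copies `$_GET` and `$_POST` as they are at that moment. The rest of the file is outside this hunk, but if it later strips or re-adds slashes on `$_GET`/`$_POST` (worth confirming for this WordPress version), `$_REQUEST` keeps the earlier copies and any handler reading it sees input escaped differently from the other superglobals. Moving the merge to just after that normalization, or repeating it there, would keep them consistent. Separately, `array_merge()` renumbers integer keys, so a purely numeric parameter name present in both GET and POST is appended rather than overridden by POST; a short comment such as `// note: numeric keys are renumbered, string keys let POST win` would document that. Anything included before this line still sees the cookie-populated `$_REQUEST`, so the comment could also say the override only holds from this point on.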