
sembrestels  committed 33bf980

Migrated to Elgg 1.7.13.

  • Parent commits ed2d6fb


Files changed (7)

File elgg/CHANGES.txt

+Version 1.7.13
+(October 8th, 2011 from https://github.com/Elgg/Elgg/tree/1.7)
+
+ Security Enhancements:
+  * Fixed a SQL query exposure vulnerability in the livesearch endpoint.
+
+ Enhancements:
+  * The file plugin will reject uploads that are too large with an error instead
+    of saving an empty file.
+
+ Bugfixes:
+  * Fixed problem that could cause WSOD for logged out users and during upgrade.
+  * Pages without owners will forward away to avoid WSOD.
+
 Version 1.7.12
 (September 29th, 2011 from https://github.com/Elgg/Elgg/tree/1.7)
 

File elgg/ChangeLog

+2011-10-08  Brett Profitt <brett.profitt@gmail.com>
+
+  	* CHANGES.txt, version.php: Bumped version to 1.7.13. Updated changes.
+
+2011-10-06  cash <cash.costello@gmail.com>
+
+  	* engine/lib/input.php: Fixes #3931 fixes vulnerability in live search end
+  point
+
+2011-10-05  Brett Profitt <brett.profitt@gmail.com>
+
+  	* engine/lib/entities.php: Fixes #3722. Checking for user when checking
+  container.
+
+2011-10-04  cash <cash.costello@gmail.com>
+
+  	* mod/file/actions/upload.php, mod/file/languages/en.php: Fixes #3919
+  checking if the file upload failed rather than saving empty file
+
+  	* mod/pages/index.php: Fixes #3916 forwards when no owner
+
 2011-09-29  Brett Profitt <brett.profitt@gmail.com>
 
   	* engine/lib/access.php: Fixed problem when checking access for logged out

File elgg/engine/lib/entities.php

 	} else {
 		$container = get_entity($container_guid);
 
-		if ($container) {
+		if ($container && $user) {
 			// If the user can edit the container, they can also write to it
 			$return = $container->canEdit($user->getGUID());
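Review bot: When `$user` is empty, the new `if ($container && $user)` skips the container branch silently, so the outcome is whatever `$return` held before this block, which the hunk does not show. It is worth confirming that this value is `false` (deny by default) for logged-out callers. A comment such as `// no user (logged out): skip the container check and keep the default deny` would record that. The enclosing function starts and ends outside the hunk.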
 

File elgg/engine/lib/input.php

 		$owner_where = '';
 	}
 
-	$limit = get_input('limit', 10);
+	$limit = sanitise_int(get_input('limit', 10));
 
 	// grab a list of entities and send them in json.
 	$results = array();
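Review bot: `sanitise_int()` makes `$limit` an integer, but nothing on this line bounds it. If the helper is a plain cast, a negative or very large value still reaches the query, where it can raise a database error or return far more rows than the endpoint needs. Clamping right after the cast would close that, e.g. `$limit = max(1, min(sanitise_int(get_input('limit', 10)), 50));` (50 is an illustrative ceiling, not a project value). The enclosing function continues outside the hunk, so how `$limit` is used in the query is inferred from the changelog entry rather than visible here.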

File elgg/mod/file/actions/upload.php

 	$guid = (int) get_input('file_guid');
 	$tags = get_input("tags");
 	
+	// check if upload failed
+	if (!empty($_FILES['upload']['name']) && $_FILES['upload']['error'] != 0) {
+		// cache information in session
+		$_SESSION['uploadtitle'] = $title;
+		$_SESSION['uploaddesc'] = $desc;
+		$_SESSION['uploadtags'] = $tags;
+		$_SESSION['uploadaccessid'] = $access_id;
+		register_error(elgg_echo('file:cannotload'));
+		forward($_SERVER['HTTP_REFERER']);
+	}	
+
 	// check whether this is a new file or an edit
 	$new_file = true;
 	if ($guid > 0) {
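Review bot: `forward($_SERVER['HTTP_REFERER'])` redirects to a client-supplied header that may be missing or point off-site. A fixed in-site address (the upload form's URL), used at least as the fallback when the header is absent, keeps the redirect predictable. The error test reads more clearly against the named constant, `$_FILES['upload']['error'] != UPLOAD_ERR_OK`. The block also depends on `forward()` ending the request, since otherwise a failed upload would fall through to the save path below; a short comment saying so would help. `$title`, `$desc` and `$access_id` are assigned above the hunk.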

File elgg/mod/pages/index.php

 	
 	// Add menus
 	$owner = page_owner_entity();
+
+	if (!$owner) {
+		forward($CONFIG->wwwroot . 'pg/pages/all/');
+	}
+
 	if (!($owner instanceof ElggGroup)) {
     		add_submenu_item(sprintf(elgg_echo("pages:user"), page_owner_entity()->name), $CONFIG->url . "pg/pages/owned/" . page_owner_entity()->username, 'pageslinksgeneral');
     		add_submenu_item(elgg_echo('pages:all'),$CONFIG->wwwroot."pg/pages/all/", 'pageslinksgeneral');
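Review bot: The new `if (!$owner)` guard protects the `page_owner_entity()->name` dereference further down only if `forward()` never returns, which the hunk does not show. A comment such as `// no page owner: leave before the menu code below dereferences it` would record that intent for the next reader. The `if (!($owner instanceof ElggGroup))` block continues past the end of the hunk.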

File elgg/version.php

 $version = 2011052801;
 
 // Human-friendly version name
-$release = '1.7.12';
+$release = '1.7.13';