mahara-contributors team mailing list archive

Thread
Date

[Bug 1508684] A change has been merged

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Mahara Bot <1508684@xxxxxxxxxxxxxxxxxx>
Date: Mon, 11 Jul 2016 03:52:54 -0000
Reply-to: Bug 1508684 <1508684@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://reviews.mahara.org/6677
Committed: https://git.mahara.org/mahara/mahara/commit/1f299954f3ffbc26c69e27f000daf8f0e97de457
Submitter: Robert Lyon (robertl@xxxxxxxxxxxxxxx)
Branch:    16.04_STABLE

commit 1f299954f3ffbc26c69e27f000daf8f0e97de457
Author: Son Nguyen <son.nguyen@xxxxxxxxxxxxxxx>
Date:   Thu Oct 22 10:55:40 2015 +1300

Make sure imported custom skin xml entries are clean. Bug 1508684

behatnotneeded

Change-Id: I2e597d5931391e731baefa46d5f9d9ca2059ee10

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1508684

Title:
  Unserialize untrusted data when importing skins

Status in Mahara:
  Fix Committed
Status in Mahara 15.04 series:
  Fix Committed
Status in Mahara 15.10 series:
  Fix Committed
Status in Mahara 16.04 series:
  Fix Committed

Bug description:
  Version: 1.10, 15.04. 15.10, master
  Platform: any

  There is a unserialize vulnerability in skin import function

  see line 200 in htdocs/skin/import.php

  When importing the attached skin, you will see the error:

  [WAR] ce (lib/web.php:3684) Object of class __PHP_Incomplete_Class could not be converted to string
  Call stack (most recent first):
  log_message("Object of class __PHP_Incomplete_Class could not b...", 8, true, true, "/var/www/mahara/master/htdocs/lib/web.php", 3684) at /var/www/mahara/master/htdocs/lib/errors.php:441
  error(4096, "Object of class __PHP_Incomplete_Class could not b...", "/var/www/mahara/master/htdocs/lib/web.php", 3684, array(size 5)) at /var/www/mahara/master/htdocs/lib/web.php:3684
  clean_css(object(__PHP_Incomplete_Class), true) at /var/www/mahara/master/htdocs/skin/import.php:200
  importskinform_submit(object(Pieform), array(size 4)) at Unknown:0
  call_user_func_array("importskinform_submit", array(size 2)) at /var/www/mahara/master/htdocs/lib/pieforms/pieform.php:537
  Pieform->__construct(array(size 4)) at /var/www/mahara/master/htdocs/lib/pieforms/pieform.php:164
  Pieform::process(array(size 4)) at /var/www/mahara/master/htdocs/lib/pieforms/pieform.php:71
  pieform(array(size 4)) at /var/www/mahara/master/htdocs/skin/import.php:64

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1508684/+subscriptions

References

[Bug 1508684] [NEW] Unserialize untrusted data when importing skins
From: Son Nguyen, 2015-10-21