mahara-contributors team mailing list archive

Thread
Date

[Bug 1508684] Re: Unserialize untrusted data when importing skins

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date: Mon, 11 Jul 2016 04:52:51 -0000
Reply-to: Bug 1508684 <1508684@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: mahara/16.04
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1508684

Title:
  Unserialize untrusted data when importing skins

Status in Mahara:
  Fix Committed
Status in Mahara 15.04 series:
  Fix Committed
Status in Mahara 15.10 series:
  Fix Released
Status in Mahara 16.04 series:
  Fix Released

Bug description:
  Version: 1.10, 15.04. 15.10, master
  Platform: any

  There is a unserialize vulnerability in skin import function

  see line 200 in htdocs/skin/import.php

  When importing the attached skin, you will see the error:

  [WAR] ce (lib/web.php:3684) Object of class __PHP_Incomplete_Class could not be converted to string
  Call stack (most recent first):
  log_message("Object of class __PHP_Incomplete_Class could not b...", 8, true, true, "/var/www/mahara/master/htdocs/lib/web.php", 3684) at /var/www/mahara/master/htdocs/lib/errors.php:441
  error(4096, "Object of class __PHP_Incomplete_Class could not b...", "/var/www/mahara/master/htdocs/lib/web.php", 3684, array(size 5)) at /var/www/mahara/master/htdocs/lib/web.php:3684
  clean_css(object(__PHP_Incomplete_Class), true) at /var/www/mahara/master/htdocs/skin/import.php:200
  importskinform_submit(object(Pieform), array(size 4)) at Unknown:0
  call_user_func_array("importskinform_submit", array(size 2)) at /var/www/mahara/master/htdocs/lib/pieforms/pieform.php:537
  Pieform->__construct(array(size 4)) at /var/www/mahara/master/htdocs/lib/pieforms/pieform.php:164
  Pieform::process(array(size 4)) at /var/www/mahara/master/htdocs/lib/pieforms/pieform.php:71
  pieform(array(size 4)) at /var/www/mahara/master/htdocs/skin/import.php:64

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1508684/+subscriptions

References

[Bug 1508684] [NEW] Unserialize untrusted data when importing skins
From: Son Nguyen, 2015-10-21