[commits] Image branch master updated. 74e66df653ee519d74eff6820c6966b2f27b0d05
Michael J. Rubinsky
mrubinsk at horde.org
Wed Nov 21 16:11:02 UTC 2018
The branch "master" has been updated.
The following is a summary of the commits.
from: a0e9130f781bbb4ed30b4f7827cfa03123b8df61
c939c09 Sanitize more arguments to protect against RCE.
c511f4d Merge branch 'farisv-security-fix'
8d773f2 Fix escaping in Watermark effect.
74e66df Must use addslashes here.
Summary: https://github.com/horde/Image/compare/a0e9130f781b...74e66df653ee
-----------------------------------------------------------------------
commit c939c0985f4643a7b7773c98a7f6050f4957728e
Author: farisv <fvidyan at gmail.com>
Date: Mon, 05 Nov 2018 23:01:07 +0800
Sanitize more arguments to protect against RCE.
M lib/Horde/Image/Im.php
https://github.com/horde/Image/commit/c939c0985f4643a7b7773c98a7f6050f4957728e
-----------------------------------------------------------------------
commit c511f4dd10d26846805e4c1d0ab791fd744db122
Author: Michael J Rubinsky <mrubinsk at horde.org>
Date: Wed, 21 Nov 2018 11:08:31 -0500
Merge branch 'farisv-security-fix'
M lib/Horde/Image/Im.php
https://github.com/horde/Image/commit/c511f4dd10d26846805e4c1d0ab791fd744db122
-----------------------------------------------------------------------
commit 8d773f2dd1cda9c06e55b9db0af309db192c0961
Author: Michael J Rubinsky <mrubinsk at horde.org>
Date: Wed, 21 Nov 2018 11:08:51 -0500
Fix escaping in Watermark effect.
Current escaping breaks the command by wrapping the already double
quoted value in single quotes, and potentially unevenly escaping
quote characters in the string.
M lib/Horde/Image/Effect/Im/TextWatermark.php
https://github.com/horde/Image/commit/8d773f2dd1cda9c06e55b9db0af309db192c0961
-----------------------------------------------------------------------
commit 74e66df653ee519d74eff6820c6966b2f27b0d05
Author: Michael J Rubinsky <mrubinsk at horde.org>
Date: Wed, 21 Nov 2018 11:10:01 -0500
Must use addslashes here.
We don't want the entire string single quoted.
M lib/Horde/Image/Im.php
https://github.com/horde/Image/commit/74e66df653ee519d74eff6820c6966b2f27b0d05
More information about the commits
mailing list