[commits] Image branch FRAMEWORK_5_2 updated. 95d74c6ab7158729ca9f7c4ff140dc687a8a40d2

Michael J. Rubinsky mrubinsk at horde.org
Wed Nov 21 16:12:13 UTC 2018


The branch "FRAMEWORK_5_2" has been updated.
The following is a summary of the commits.

from: c790839e7f7c33121626aa49278a039a5e282768

2f39693 Sanitize more arguments to protect against RCE.
e254f50 Fix escaping in Watermark effect.
95d74c6 Must use addslashes here.

Summary: https://github.com/horde/Image/compare/c790839e7f7c...95d74c6ab715

-----------------------------------------------------------------------

commit 2f3969305ebdad5704032f2ef5fc732cfc5ff1b8
Author: farisv <fvidyan at gmail.com>
Date:   Wed, 21 Nov 2018 11:11:43 -0500

Sanitize more arguments to protect against RCE.

 M lib/Horde/Image/Im.php

https://github.com/horde/Image/commit/2f3969305ebdad5704032f2ef5fc732cfc5ff1b8

-----------------------------------------------------------------------

commit e254f500d8dbd7f4f3afafc6d131e9b9c500ccd1
Author: Michael J Rubinsky <mrubinsk at horde.org>
Date:   Wed, 21 Nov 2018 11:11:55 -0500

Fix escaping in Watermark effect.

Current escaping breaks the command by wrapping the already double
quoted value in single quotes, and potentially unevenly escaping
quote characters in the string.

 M lib/Horde/Image/Effect/Im/TextWatermark.php

https://github.com/horde/Image/commit/e254f500d8dbd7f4f3afafc6d131e9b9c500ccd1

-----------------------------------------------------------------------

commit 95d74c6ab7158729ca9f7c4ff140dc687a8a40d2
Author: Michael J Rubinsky <mrubinsk at horde.org>
Date:   Wed, 21 Nov 2018 11:12:07 -0500

Must use addslashes here.

We don't want the entire string single quoted.

 M lib/Horde/Image/Im.php

https://github.com/horde/Image/commit/95d74c6ab7158729ca9f7c4ff140dc687a8a40d2

