[commits] Image branch FRAMEWORK_5_2 updated. 95d74c6ab7158729ca9f7c4ff140dc687a8a40d2
Michael J. Rubinsky
mrubinsk at horde.org
Wed Nov 21 16:12:13 UTC 2018
The branch "FRAMEWORK_5_2" has been updated.
The following is a summary of the commits.
from: c790839e7f7c33121626aa49278a039a5e282768
2f39693 Sanitize more arguments to protect against RCE.
e254f50 Fix escaping in Watermark effect.
95d74c6 Must use addslashes here.
Summary: https://github.com/horde/Image/compare/c790839e7f7c...95d74c6ab715
-----------------------------------------------------------------------
commit 2f3969305ebdad5704032f2ef5fc732cfc5ff1b8
Author: farisv <fvidyan at gmail.com>
Date: Wed, 21 Nov 2018 11:11:43 -0500
Sanitize more arguments to protect against RCE.
M lib/Horde/Image/Im.php
https://github.com/horde/Image/commit/2f3969305ebdad5704032f2ef5fc732cfc5ff1b8
-----------------------------------------------------------------------
commit e254f500d8dbd7f4f3afafc6d131e9b9c500ccd1
Author: Michael J Rubinsky <mrubinsk at horde.org>
Date: Wed, 21 Nov 2018 11:11:55 -0500
Fix escaping in Watermark effect.
Current escaping breaks the command by wrapping the already double
quoted value in single quotes, and potentially unevenly escaping
quote characters in the string.
M lib/Horde/Image/Effect/Im/TextWatermark.php
https://github.com/horde/Image/commit/e254f500d8dbd7f4f3afafc6d131e9b9c500ccd1
-----------------------------------------------------------------------
commit 95d74c6ab7158729ca9f7c4ff140dc687a8a40d2
Author: Michael J Rubinsky <mrubinsk at horde.org>
Date: Wed, 21 Nov 2018 11:12:07 -0500
Must use addslashes here.
We don't want the entire string single quoted.
M lib/Horde/Image/Im.php
https://github.com/horde/Image/commit/95d74c6ab7158729ca9f7c4ff140dc687a8a40d2
More information about the commits
mailing list