Dotclear


Files:
5 edited

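--- a/.hgtags
+++ b/.hgtags
@@ -18,2 +18,3 @@
 dc51785c0e18369445c71dfdc268c6034e61f681 2.6.0
 185f7650c1d86e4a5680c2d3b1da5628253091f5 2.6.1
+1f8978ee39fc70bf9a6c345cf3b550722b819173 2.6.2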
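--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,2 +1,10 @@
+Dotclear 2.6.2 - 2014-01-20
+===========================================================
+* Security fix: Fixed potential code injection on password protected post/page. Thanks to Charlie Briggs
+* Bugfix: cope with numeric module (plugin/theme) id
+* Bugfix: Bad SQL syntax when using SQLite
+* Bugfix: BlogParentThemeURL template value is back
+* Various bug fixes
+
 Dotclear 2.6.1 - 2013-11-22
 ===========================================================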
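--- a/admin/categories.php
+++ b/admin/categories.php
@@ -73,5 +73,5 @@
 
      foreach ($categories as $category) {
-          if (!empty($category->item_id)) {
+          if (!empty($category->item_id) && !empty($category->left) && !empty($category->right)) {
                $core->blog->updCategoryPosition($category->item_id, $category->left, $category->right);
           }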
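Review bot: The widened guard on new line 75 only tests presence with `empty()`, so a `left` or `right` that is set but not numeric still reaches `updCategoryPosition()`, and a value of 0 is skipped without any message. Where `$categories` is built is outside this hunk, but if it is decoded from request data, validating the type at this boundary would be clearer than relying on casts further down, for example `if (ctype_digit((string) $category->item_id) && ctype_digit((string) $category->left) && ctype_digit((string) $category->right)) {`. The enclosing `foreach` closes outside the hunk.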
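--- a/inc/core/class.dc.categories.php
+++ b/inc/core/class.dc.categories.php
@@ -190,8 +190,11 @@
         public function updatePosition($id,$left,$right)
         {
+               $node_left = (integer) $left;
+               $node_right = (integer) $right;
+               $node_id = (integer) $id;
                 $sql = 'UPDATE '.$this->table.' SET '
-                        .$this->f_left.' = '.$left.', '
-                        .$this->f_right.' = '.$right
-                        .' WHERE '.$this->f_id .' = '.(integer) $id
+                        .$this->f_left.' = '.$node_left.', '
+                        .$this->f_right.' = '.$node_right
+                        .' WHERE '.$this->f_id .' = '.$node_id
                         .$this->getCondition();
 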
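Review bot: The `(integer)` casts on new lines 192-194 keep the values from being read as SQL, but they also turn any non-numeric input into 0, so a malformed call would write `0` into the left/right columns instead of being rejected. A range check after the casts would fail closed, for example `if ($node_id <= 0 || $node_left <= 0 || $node_right <= $node_left) { throw new Exception('Invalid category position'); }`; the exact invariants are an assumption about the tree layout and should be confirmed. A short comment such as `// Cast before concatenation: these values are placed in the query unquoted.` would also help keep a later edit from reintroducing the raw parameters. `updatePosition()` continues past the end of the hunk, so how `$sql` is executed is not visible here.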
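--- a/inc/core/class.dc.xmlrpc.php
+++ b/inc/core/class.dc.xmlrpc.php
@@ -264,9 +264,5 @@
      private function setUser($user_id,$pwd)
      {
-          if ($this->core->auth->userID() == $user_id) {
-               return true;
-          }
-
-          if ($this->core->auth->checkUser($user_id,$pwd) !== true) {
+          if (empty($pwd) || $this->core->auth->checkUser($user_id,$pwd) !== true) {
                throw new Exception('Login error');
           }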
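Review bot: `empty($pwd)` on new line 266 is a loose test: it rejects the literal password `"0"`, and it lets any non-empty non-string value (an array or struct, if the XML-RPC layer delivers one) through to `checkUser()`. A stricter form is `if (!is_string($pwd) || $pwd === '' || $this->core->auth->checkUser($user_id,$pwd) !== true) {`. Because the removed lines returned `true` without checking the password whenever the auth object already held the same user ID, a comment such as `// Always verify the password; never short-circuit on an already-loaded user ID.` above the check would record why that branch must not come back. `setUser()` continues outside the hunk.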