/[packages]/updates/1/php-ZendFramework/current/SOURCES/ZendFramework-1.11.11-CVE-2012-3363.diff
ViewVC logotype

Contents of /updates/1/php-ZendFramework/current/SOURCES/ZendFramework-1.11.11-CVE-2012-3363.diff

Parent Directory Parent Directory | Revision Log Revision Log

Revision 300298 - (show annotations) (download)
Sat Sep 29 17:19:19 2012 UTC (11 years, 6 months ago) by spuhler
File size: 3798 byte(s) 
added 1.11.11-CVE-2012-3363 patch
1 --- ZendFramework-1.11.11/library/Zend/XmlRpc/Response.php 2012-07-10 14:56:04.422364249 -0400
2 +++ ZendFramework-1.11.12/library/Zend/XmlRpc/Response.php 2012-06-19 12:03:28.000000000 -0400
3 @@ -14,7 +14,7 @@
4 *
5 * @category Zend
6 * @package Zend_Controller
7 - * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
8 + * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
9 * @license http://framework.zend.com/license/new-bsd New BSD License
10 */
11
12 @@ -35,9 +35,9 @@
13 *
14 * @category Zend
15 * @package Zend_XmlRpc
16 - * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
17 + * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
18 * @license http://framework.zend.com/license/new-bsd New BSD License
19 - * @version $Id: Response.php 23775 2011-03-01 17:25:24Z ralph $
20 + * @version $Id: Response.php 24976 2012-06-19 16:03:28Z matthew $
21 */
22 class Zend_XmlRpc_Response
23 {
24 @@ -176,11 +176,15 @@
25 return false;
26 }
27
28 + // @see ZF-12293 - disable external entities for security purposes
29 + $loadEntities = libxml_disable_entity_loader(true);
30 + $useInternalXmlErrors = libxml_use_internal_errors(true);
31 try {
32 - $useInternalXmlErrors = libxml_use_internal_errors(true);
33 $xml = new SimpleXMLElement($response);
34 + libxml_disable_entity_loader($loadEntities);
35 libxml_use_internal_errors($useInternalXmlErrors);
36 } catch (Exception $e) {
37 + libxml_disable_entity_loader($loadEntities);
38 libxml_use_internal_errors($useInternalXmlErrors);
39 // Not valid XML
40 $this->_fault = new Zend_XmlRpc_Fault(651);
41 @@ -205,6 +209,7 @@
42
43 try {
44 if (!isset($xml->params) || !isset($xml->params->param) || !isset($xml->params->param->value)) {
45 + require_once 'Zend/XmlRpc/Value/Exception.php';
46 throw new Zend_XmlRpc_Value_Exception('Missing XML-RPC value in XML');
47 }
48 $valueXml = $xml->params->param->value->asXML();
49 --- ZendFramework-1.11.11/library/Zend/XmlRpc/Request.php 2011-03-01 12:25:24.000000000 -0500
50 +++ ZendFramework-1.11.12/library/Zend/XmlRpc/Request.php 2012-06-19 12:03:28.000000000 -0400
51 @@ -14,7 +14,7 @@
52 *
53 * @category Zend
54 * @package Zend_Controller
55 - * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
56 + * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
57 * @license http://framework.zend.com/license/new-bsd New BSD License
58 */
59
60 @@ -41,9 +41,9 @@
61 *
62 * @category Zend
63 * @package Zend_XmlRpc
64 - * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
65 + * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
66 * @license http://framework.zend.com/license/new-bsd New BSD License
67 - * @version $Id: Request.php 23775 2011-03-01 17:25:24Z ralph $
68 + * @version $Id: Request.php 24976 2012-06-19 16:03:28Z matthew $
69 */
70 class Zend_XmlRpc_Request
71 {
72 @@ -303,12 +303,16 @@
73 return false;
74 }
75
76 + // @see ZF-12293 - disable external entities for security purposes
77 + $loadEntities = libxml_disable_entity_loader(true);
78 try {
79 $xml = new SimpleXMLElement($request);
80 + libxml_disable_entity_loader($loadEntities);
81 } catch (Exception $e) {
82 // Not valid XML
83 $this->_fault = new Zend_XmlRpc_Fault(631);
84 $this->_fault->setEncoding($this->getEncoding());
85 + libxml_disable_entity_loader($loadEntities);
86 return false;
87 }
88
  ViewVC Help
Powered by ViewVC 1.1.30