diff options
-rw-r--r-- | ocsinventory-dbconf.patch | 88 | ||||
-rw-r--r-- | ocsinventory-deprecated.patch | 78 | ||||
-rw-r--r-- | ocsinventory-reports.conf | 9 | ||||
-rw-r--r-- | ocsinventory-upgrade.patch | 49 | ||||
-rw-r--r-- | ocsinventory.spec | 18 |
5 files changed, 87 insertions, 155 deletions
diff --git a/ocsinventory-dbconf.patch b/ocsinventory-dbconf.patch deleted file mode 100644 index 2312f8a..0000000 --- a/ocsinventory-dbconf.patch +++ /dev/null @@ -1,88 +0,0 @@ -diff -up ocsreports/install.php.var ocsreports/install.php ---- ocsreports/install.php.var 2011-10-31 08:42:38.914660647 +0100 -+++ ocsreports/install.php 2011-10-31 08:44:55.353669573 +0100 -@@ -96,9 +96,9 @@ if( isset($_POST["name"])) { - else - $instOk = true; - } --if( $hnd = @fopen("dbconfig.inc.php", "r") ) { -+if( $hnd = @fopen(CONF_MYSQL, "r") ) { - fclose($hnd); -- require("dbconfig.inc.php"); -+ require(CONF_MYSQL); - if (defined('COMPTE_BASE')) { // Upgrade from 2.0.x - $valNme = COMPTE_BASE; - } else if (isset($_SESSION["COMPTE_BASE"])) { // Upgrade from 1.3.x -@@ -188,7 +188,7 @@ if($_POST["fin"]=="fin") { - . "</b><br></font></center>"; - - echo "<br><center><font color=red><b>" . $l->g(2065) . "</b></font></center>"; -- unlink("dbconfig.inc.php"); -+ unlink(CONF_MYSQL); - } - else { - msg_success("<b>" . $l->g(2050) . "</b><br><br><b><a href='index.php'>" . $l->g(2051) . "</a></b>"); -@@ -197,7 +197,7 @@ if($_POST["fin"]=="fin") { - } - - --if(!$ch = @fopen("dbconfig.inc.php","w")) { -+if(!$ch = @fopen(CONF_MYSQL,"w")) { - echo "<br><center><font color=red><b>" . $l->g(2052) . "</b></font></center>"; - die(); - } -@@ -424,7 +424,7 @@ if( ! $erralter ) { - - if($nberr) { - echo "<br><center><font color=red><b>" . $l->g(2065) . "</b></font></center>"; -- unlink("dbconfig.inc.php"); -+ unlink(CONF_MYSQL); - die(); - } - $nberr=0; -@@ -469,7 +469,7 @@ foreach($filenames as $fil) { - " " . $l->g(2068) . - "</b></font></center>"; - echo "<br><center><font color=red><b>" . $l->g(2065) . "</b></font></center>"; -- unlink("dbconfig.inc.php"); -+ unlink(CONF_MYSQL); - die(); - } - echo "<br><center><font color=red><b>" . $l->g(2001) . -@@ -505,7 +505,7 @@ else - - if($nberr) { - echo "<br><center><font color=red><b>" . $l->g(2065) . "</b></font></center>"; -- unlink("dbconfig.inc.php"); -+ unlink(CONF_MYSQL); - die(); - } - -diff -up ocsreports/require/header.php.var ocsreports/require/header.php ---- ocsreports/require/header.php.var 2011-10-31 08:42:31.249548540 +0100 -+++ ocsreports/require/header.php 2011-10-31 08:43:52.704407954 +0100 -@@ -25,7 +25,6 @@ if(substr($_SERVER['DOCUMENT_ROOT'],-1) - }else{ - define("DOCUMENT_ROOT",$_SERVER['DOCUMENT_ROOT']); - } --//echo DOCUMENT_ROOT."<br>".DOCUMENT_REAL_ROOT; - //print_r($_SERVER); - - if ($_SESSION['OCS']['LOG_GUI'] == 1){ -@@ -72,14 +71,14 @@ if (isset($_POST['LOGOUT']) and $_POST[' - } - - /***************************************************** First installation checking *********************************************************/ --if( (!$fconf=@fopen("dbconfig.inc.php","r")) -+if( (!$fconf=@fopen(CONF_MYSQL,"r")) - || (!function_exists('session_start')) - || (!function_exists('mysql_connect')) ) { - require('install.php'); - die(); - } - else{ -- require_once('dbconfig.inc.php'); -+ require_once(CONF_MYSQL); - fclose($fconf); - } - diff --git a/ocsinventory-deprecated.patch b/ocsinventory-deprecated.patch new file mode 100644 index 0000000..de46c86 --- /dev/null +++ b/ocsinventory-deprecated.patch @@ -0,0 +1,78 @@ +diff -up ocsreports/plugins/main_sections/ms_dict/ms_dict.php.orig ocsreports/plugins/main_sections/ms_dict/ms_dict.php +--- ocsreports/plugins/main_sections/ms_dict/ms_dict.php.orig 2011-11-28 17:54:50.000000000 +0100 ++++ ocsreports/plugins/main_sections/ms_dict/ms_dict.php 2011-11-28 17:55:45.000000000 +0100 +@@ -37,8 +37,8 @@ if ($protectedPost['RESET']=="RESET") + unset($protectedPost['search']); + //filtre + if ($protectedPost['search']){ +- $search_cache=" and cache.name like '%".mysql_escape_string($protectedPost['search'])."%' "; +- $search_count=" and extracted like '%".mysql_escape_string($protectedPost['search'])."%' "; ++ $search_cache=" and cache.name like '%".mysql_real_escape_string($protectedPost['search'])."%' "; ++ $search_count=" and extracted like '%".mysql_real_escape_string($protectedPost['search'])."%' "; + } + else{ + $search=""; +@@ -123,7 +123,7 @@ if ($protectedPost['onglet'] == 'CAT'){ + } + $querydico=substr($querydico,0,-1); + $querydico .= " from dico_soft left join ".$table." cache on dico_soft.extracted=cache.name +- where formatted='".mysql_escape_string($list_cat[$protectedPost['onglet_soft']])."' ".$search_count." group by EXTRACTED"; ++ where formatted='".mysql_real_escape_string($list_cat[$protectedPost['onglet_soft']])."' ".$search_count." group by EXTRACTED"; + } + /*******************************************************CAS OF NEW*******************************************************/ + if ($protectedPost['onglet'] == 'NEW'){ +@@ -311,4 +311,4 @@ echo "<input type='hidden' name='RESET' + echo "<input type='hidden' name='TRANS' id='TRANS' value=''>"; + echo "<input type='hidden' name='SUP_CAT' id='SUP_CAT' value=''>"; + echo "</form>"; +-?> +\ Pas de fin de ligne à la fin du fichier. ++?> +diff -up ocsreports/require/function_dico.php.orig ocsreports/require/function_dico.php +--- ocsreports/require/function_dico.php.orig 2011-11-28 17:56:55.000000000 +0100 ++++ ocsreports/require/function_dico.php 2011-11-28 17:57:01.000000000 +0100 +@@ -46,7 +46,7 @@ function trans($onglet,$list_soft,$affec + $table="softwares"; + //verif is this cat exist + if ($new_cat != ''){ +- $sql_verif="select extracted from dico_soft where formatted ='".mysql_escape_string($new_cat)."'"; ++ $sql_verif="select extracted from dico_soft where formatted ='".mysql_real_escape_string($new_cat)."'"; + $result_search_soft = mysql_query( $sql_verif, $_SESSION['OCS']["readServer"]); + $item_search_soft = mysql_fetch_object($result_search_soft); + if (isset($item_search_soft->extracted) or $new_cat == "IGNORED" or $new_cat == "UNCHANGED"){ +@@ -71,10 +71,10 @@ function trans($onglet,$list_soft,$affec + }elseif($exist_cat == "UNCHANGED"){ + $sql="insert dico_soft (extracted,formatted) select distinct NAME,NAME from ".$table." where ID in (".implode(",",$list_soft).")"; + }else +- $sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_escape_string($exist_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")"; ++ $sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_real_escape_string($exist_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")"; + }else{ + if (!isset($already_exist)){ +- $sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_escape_string($new_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")"; ++ $sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_real_escape_string($new_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")"; + }else + echo "<script>alert('".$l->g(771)."')</script>"; + } +diff -up ocsreports/require/function_table_html.php.orig ocsreports/require/function_table_html.php +--- ocsreports/require/function_table_html.php.orig 2011-11-28 17:57:10.000000000 +0100 ++++ ocsreports/require/function_table_html.php 2011-11-28 17:57:38.000000000 +0100 +@@ -163,7 +163,7 @@ function escape_string($array){ + function xml_escape_string($array){ + foreach ($array as $key=>$value){ + $trait_array[$key]=xml_encode($value); +- //$trait_array[$key]=mysql_escape_string($value); ++ //$trait_array[$key]=mysql_real_escape_string($value); + } + return ($trait_array); + } +@@ -801,8 +801,8 @@ function onglet($def_onglets,$form_name, + $current=1; + } + }else{ +- //echo "<script>alert('".mysql_escape_string(stripslashes($protectedPost[$post_name]))." => ".$key."')</script>"; +- if (mysql_escape_string(stripslashes($protectedPost[$post_name])) === mysql_escape_string(stripslashes($key)) or (!isset($protectedPost[$post_name]) and $current != 1)){ ++ //echo "<script>alert('".mysql_real_escape_string(stripslashes($protectedPost[$post_name]))." => ".$key."')</script>"; ++ if (mysql_real_escape_string(stripslashes($protectedPost[$post_name])) === mysql_real_escape_string(stripslashes($key)) or (!isset($protectedPost[$post_name]) and $current != 1)){ + echo "id='current'"; + $current=1; + } diff --git a/ocsinventory-reports.conf b/ocsinventory-reports.conf index 331f5ad..2c2b86c 100644 --- a/ocsinventory-reports.conf +++ b/ocsinventory-reports.conf @@ -60,14 +60,5 @@ Alias OCSREPORTS_ALIAS PATH_TO_OCSREPORTS_DIR # Alias PACKAGES_ALIAS PATH_TO_PACKAGES_DIR -################################################################################ -# Snmp communities area -# -# Alias to put Snmp communities reference file (snmp_com.txt) outside Apache document root directory -# -# Uncomment this Alias to allow SNMP discovery feature -# WARNING this file, with communities definition, will be publicly available -#Alias SNMP_ALIAS PATH_TO_SNMP_DIR - #</VirtualHost> diff --git a/ocsinventory-upgrade.patch b/ocsinventory-upgrade.patch deleted file mode 100644 index bd8626a..0000000 --- a/ocsinventory-upgrade.patch +++ /dev/null @@ -1,49 +0,0 @@ -diff -up ocsreports/install.php.orig ocsreports/install.php ---- ocsreports/install.php.orig 2011-10-27 18:04:00.011717775 +0200 -+++ ocsreports/install.php 2011-10-27 18:16:38.947261089 +0200 -@@ -99,10 +99,32 @@ if( isset($_POST["name"])) { - if( $hnd = @fopen("dbconfig.inc.php", "r") ) { - fclose($hnd); - require("dbconfig.inc.php"); -- $valNme = COMPTE_BASE; -- $valPass = PSWD_BASE; -- $valServ = SERVER_WRITE; -- $valdatabase = DB_NAME; -+ if (defined('COMPTE_BASE')) { // Upgrade from 2.0.x -+ $valNme = COMPTE_BASE; -+ } else if (isset($_SESSION["COMPTE_BASE"])) { // Upgrade from 1.3.x -+ $valNme = $_SESSION["COMPTE_BASE"]; -+ } else { // Fresh install -+ $valNme = ''; -+ } -+ if (defined('PSWD_BASE')) { -+ $valPass = PSWD_BASE; -+ } else if (isset($_SESSION["PSWD_BASE"])) { -+ $valPass = $_SESSION["PSWD_BASE"]; -+ } else { -+ $valPass = ''; -+ } -+ if (defined('SERVER_WRITE')) { -+ $valServ = SERVER_WRITE; -+ } else if (isset($_SESSION["SERVEUR_SQL"])) { -+ $valServ = $_SESSION["SERVEUR_SQL"]; -+ } else { -+ $valServ = ''; -+ } -+ if (defined('DB_NAME')) { -+ $valdatabase = DB_NAME; -+ } else { // Upgrade from 1.3.x -+ $valdatabase = 'ocsweb'; -+ } - } - - if( ! $instOk ) { -@@ -113,7 +135,7 @@ if( ! $instOk ) { - $name_field=array("name","pass","database","host"); - $tab_name= array($l->g(247).": ",$l->g(248).": ",$l->g(1233).":",$l->g(250).":"); - $type_field= array(0,4,0,0); -- $value_field=array($valNme,$valPass,(isset($valdatabase) && $valdatabase!= 'DB_NAME'? $valdatabase: "ocsweb"),$valServ); -+ $value_field=array($valNme,$valPass,$valdatabase,$valServ); - - $tab_typ_champ=show_field($name_field,$type_field,$value_field); - tab_modif_values($tab_name,$tab_typ_champ,$tab_hidden,$title="",$comment="",$name_button="INSTALL",$showbutton='BUTTON',$form_name); diff --git a/ocsinventory.spec b/ocsinventory.spec index 9bded84..5b32e60 100644 --- a/ocsinventory.spec +++ b/ocsinventory.spec @@ -11,8 +11,8 @@ Name: ocsinventory Summary: Open Computer and Software Inventory Next Generation -Version: 2.0.2 -Release: 1%{?dist}.3 +Version: 2.0.3 +Release: 1%{?dist} Group: Applications/Internet License: GPLv2 @@ -22,12 +22,8 @@ URL: http://www.ocsinventory-ng.org/ Source0: http://launchpad.net/ocsinventory-server/stable-2.0/%{version}/+download/%{tarname}-%{version}.tar.gz Source1: ocsinventory-reports.conf -# Manage upgrade from 1.3.x -# http://bazaar.launchpad.net/~ocsinventory-core/ocsinventory-ocsreports/stable-2.0/revision/794 -Patch0: %{name}-upgrade.patch -# Use CONF_MYSQL everywhere -# http://bazaar.launchpad.net/~ocsinventory-core/ocsinventory-ocsreports/stable-2.0/revision/796 -Patch1: %{name}-dbconf.patch +# s/mysql_escape_string/mysql_real_escape_string/ +Patch0: %{name}-deprecated.patch BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -136,7 +132,6 @@ navigateur favori. %setup -q -n %{tarname}-%{version} %patch0 -p0 -%patch1 -p0 chmod -x binutils/ocs-errors @@ -320,6 +315,11 @@ fi %changelog +* Mon Nov 28 2011 Remi Collet <Fedora@famillecollet.com> - 2.0.3-1 +- update to 2.0.3 +- drop patches merged upstream +- add patch for mysql_escape_string calls + * Mon Oct 31 2011 Remi Collet <Fedora@famillecollet.com> - 2.0.2-1.3 - provides external-agents.conf (OCS_OPT_EXT_USERAGENTS_FILE_PATH) |