stable

request #10118: Remote code execution through object unserialization of a user's recent elements

The CVE-ID CVE-2017-7411 has been assigned to this issue.

Change-Id: Ia6bed7dda9fb4e0f07dad4ec5de0e4341b9da064

Modified Files

Name
M plugins/tracker/db/install.sql +8 −0
A plugins/tracker/db/mysql/updates/2017/201704041400_add_recently_visited_table.php +51 −0
M plugins/tracker/db/uninstall.sql +2 −0
A plugins/tracker/include/Tracker/Artifact/RecentlyVisited/RecentlyVisitedDao.php +79 −0
A plugins/tracker/include/Tracker/Artifact/RecentlyVisited/VisitRecorder.php +42 −0
A plugins/tracker/include/Tracker/Artifact/RecentlyVisited/VisitRetriever.php +54 −0
M plugins/tracker/include/Tracker/Artifact/Renderer/CopyRenderer.class.php +5 −3
M plugins/tracker/include/Tracker/Artifact/Renderer/EditAbstractRenderer.class.php +12 −6
M plugins/tracker/include/Tracker/Artifact/Renderer/EditRenderer.class.php +5 −3
M plugins/tracker/include/Tracker/Artifact/Tracker_Artifact.class.php +15 −3
M plugins/tracker/include/Tracker/Tracker.class.php +30 −9
M plugins/tracker/include/autoload.php +5 −2
M src/common/user/User.class.php +0 −57
A src/db/mysql/updates/2017/201704041400_clean_recent_element_user_preferences.php +44 −0
M tests/simpletest/common/user/UserTest.php +0 −62