View | Details | Raw Unified | Return to bug 197588 | Differences between
and this patch

Collapse All | Expand All

(-)./files/patch-lib__MT.pm (+31 lines)
Line 0 Link Here
1
--- lib/MT.pm.orig	2014-12-11 01:28:20.000000000 +0900
2
+++ lib/MT.pm	2015-02-13 11:22:27.000000000 +0900
3
@@ -39,8 +39,8 @@
4
         )
5
         = (
6
         'Movable Type',   'MT',
7
-        '5.2.11',              '5.2.11-ru',
8
-        '11', 'http://movable-type.ru/'
9
+        '5.2.12',              '5.2.12-ru',
10
+        '12', 'http://movable-type.ru/'
11
         );
12
 
13
   # To allow MT to run straight from svn, if no build process (pre-processing)
14
@@ -56,7 +56,7 @@
15
     }
16
 
17
     if ( $RELEASE_NUMBER eq '__RELEASE' . '_NUMBER__' ) {
18
-        $RELEASE_NUMBER = 11;
19
+        $RELEASE_NUMBER = 12;
20
     }
21
 
22
     $DebugMode = 0;
23
@@ -124,7 +124,7 @@
24
 }
25
 
26
 sub build_id {
27
-    my $build_id = '5.2.11-ru';
28
+    my $build_id = '5.2.12-ru';
29
     $build_id = '' if $build_id eq '__BUILD_' . 'ID__';
30
     return $build_id;
31
 }
(-)./files/patch-lib__MT__App__Upgrader.pm (+13 lines)
Line 0 Link Here
1
--- lib/MT/App/Upgrader.pm.orig	2014-12-11 01:26:51.000000000 +0900
2
+++ lib/MT/App/Upgrader.pm	2015-02-13 11:11:10.000000000 +0900
3
@@ -671,6 +671,10 @@
4
         $data = pack 'H*', $data;
5
         require MT::Serialize;
6
         my $ser    = MT::Serialize->new('MT');
7
+        my $ser_ver = $ser->serializer_version($data);
8
+        if ( !$ser_ver || $ser_ver != $MT::Serialize::SERIALIZER_VERSION ) {
9
+            die $app->translate('Invalid parameter.');
10
+        }
11
         my $thawed = $ser->unserialize($data);
12
         if ($thawed) {
13
             my $saved_cfg = $$thawed;
(-)./files/patch-lib__MT__App__Wizard.pm (+13 lines)
Line 0 Link Here
1
--- lib/MT/App/Wizard.pm.orig	2014-12-11 01:26:51.000000000 +0900
2
+++ lib/MT/App/Wizard.pm	2015-02-13 11:13:16.000000000 +0900
3
@@ -1252,6 +1252,10 @@
4
         $data = pack 'H*', $data;
5
         require MT::Serialize;
6
         my $ser    = MT::Serialize->new('MT');
7
+        my $ser_ver = $ser->serializer_version($data);
8
+        if ( !$ser_ver || $ser_ver != $MT::Serialize::SERIALIZER_VERSION ) {
9
+            die $app->translate('Invalid parameter.');
10
+        }
11
         my $thawed = $ser->unserialize($data);
12
         if ($thawed) {
13
             my $saved_cfg = $$thawed;
(-)./files/patch-lib__MT__BackupRestore__BackupFileHandler.pm (+34 lines)
Line 0 Link Here
1
--- lib/MT/BackupRestore/BackupFileHandler.pm.orig	2014-12-11 01:26:51.000000000 +0900
2
+++ lib/MT/BackupRestore/BackupFileHandler.pm	2015-02-13 11:14:50.000000000 +0900
3
@@ -409,6 +409,15 @@
4
                 if ( 'blob' eq $defs->{$column_name}->{type} ) {
5
                     $text = MIME::Base64::decode_base64($text);
6
                     if ( substr( $text, 0, 4 ) eq 'SERG' ) {
7
+                        my $ser_ver
8
+                            = MT::Serialize->serializer_version($text);
9
+                        if ( $ser_ver == 3 ) {
10
+                            my $conf_ver = lc MT->config->Serializer;
11
+                            if ( ( $conf_ver ne 'storable' ) && ( $conf_ver ne 'mts' ) ) {
12
+                                $self->{critical} = 1;
13
+                                die MT->translate('Invalid serializer version was specified.');
14
+                            }
15
+                        }
16
                         $text = MT::Serialize->unserialize($text);
17
                         $obj->$column_name($$text);
18
                     }
19
@@ -424,6 +433,15 @@
20
                 if ( my $type = $metacolumns->{$column_name} ) {
21
                     if ( 'vblob' eq $type ) {
22
                         $text = MIME::Base64::decode_base64($text);
23
+                        my $ser_ver
24
+                            = MT::Serialize->serializer_version($text);
25
+                        if ( $ser_ver == 3 ) {
26
+                            my $conf_ver = lc MT->config->Serializer;
27
+                            if ( ( $conf_ver ne 'storable' ) && ( $conf_ver ne 'mts' ) ) {
28
+                                $self->{critical} = 1;
29
+                                die MT->translate('Invalid serializer version was specified.');
30
+                            }
31
+                        }
32
                         $text = MT::Serialize->unserialize($text);
33
                         $obj->$column_name($$text);
34
                     }
(-)./files/patch-lib__MT__Serialize.pm (+92 lines)
Line 0 Link Here
1
--- lib/MT/XMLRPCServer.pm.orig	2014-12-11 01:26:51.000000000 +0900
2
+++ lib/MT/XMLRPCServer.pm	2015-02-13 11:21:09.000000000 +0900
3
@@ -495,7 +495,18 @@
4
     }
5
 
6
     _validate_params( [ $blog_id, $user, $pass, $publish ] ) or return;
7
-    _validate_params( [ values %$item ] ) or return;
8
+    my $values;
9
+    foreach my $k ( keys %$item ) {
10
+        if ( 'categories' eq $k || 'mt_tb_ping_urls' eq $k ) {
11
+
12
+            # XMLRPC supports categories array and mt_tb_ping_urls array
13
+            _validate_params( \@{ $item->{$k} } ) or return;
14
+        }
15
+        else {
16
+            push @$values, $item->{$k};
17
+        }
18
+    }
19
+    _validate_params( \@$values ) or return;
20
 
21
     $class->_new_entry(
22
         blog_id => $blog_id,
23
@@ -511,7 +522,18 @@
24
     my ( $blog_id, $user, $pass, $item, $publish ) = @_;
25
 
26
     _validate_params( [ $blog_id, $user, $pass, $publish ] ) or return;
27
-    _validate_params( [ values %$item ] ) or return;
28
+    my $values;
29
+    foreach my $k ( keys %$item ) {
30
+        if ( 'mt_tb_ping_urls' eq $k ) {
31
+
32
+            # XMLRPC supports mt_tb_ping_urls array
33
+            _validate_params( \@{ $item->{$k} } ) or return;
34
+        }
35
+        else {
36
+            push @$values, $item->{$k};
37
+        }
38
+    }
39
+    _validate_params( \@$values ) or return;
40
 
41
     $class->_new_entry(
42
         blog_id => $blog_id,
43
@@ -663,7 +685,18 @@
44
     }
45
 
46
     _validate_params( [ $entry_id, $user, $pass, $publish ] ) or return;
47
-    _validate_params( [ values %$item ] ) or return;
48
+    my $values;
49
+    foreach my $k ( keys %$item ) {
50
+        if ( 'categories' eq $k || 'mt_tb_ping_urls' eq $k ) {
51
+
52
+            # XMLRPC supports categories array and mt_tb_ping_urls array
53
+            _validate_params( \@{ $item->{$k} } ) or return;
54
+        }
55
+        else {
56
+            push @$values, $item->{$k};
57
+        }
58
+    }
59
+    _validate_params( \@$values ) or return;
60
 
61
     $class->_edit_entry(
62
         entry_id => $entry_id,
63
@@ -680,7 +713,18 @@
64
 
65
     _validate_params( [ $blog_id, $entry_id, $user, $pass, $publish ] )
66
         or return;
67
-    _validate_params( [ values %$item ] ) or return;
68
+    my $values;
69
+    foreach my $k ( keys %$item ) {
70
+        if ( 'mt_tb_ping_urls' eq $k ) {
71
+
72
+            # XMLRPC supports mt_tb_ping_urls array
73
+            _validate_params( \@{ $item->{$k} } ) or return;
74
+        }
75
+        else {
76
+            push @$values, $item->{$k};
77
+        }
78
+    }
79
+    _validate_params( \@$values ) or return;
80
 
81
     $class->_edit_entry(
82
         blog_id  => $blog_id,
83
@@ -1493,8 +1537,7 @@
84
     }
85
 
86
     my $local_file = File::Spec->catfile( $blog->site_path, $file->{name} );
87
-    my $ext
88
-        = ( File::Basename::fileparse( $local_file, qr/[A-Za-z0-9]+$/ ) )[2];
89
+    my $ext = ( File::Basename::fileparse( $local_file, qr/[A-Za-z0-9]+$/ ) )[2];
90
     require MT::Asset::Image;
91
     if ( MT::Asset::Image->can_handle($ext) ) {
92
         require MT::Image;
(-)./files/patch-mt-check.cgi (+14 lines)
Line 0 Link Here
1
--- mt-check.cgi.orig	2014-12-11 01:28:20.000000000 +0900
2
+++ mt-check.cgi	2015-02-13 11:23:25.000000000 +0900
3
@@ -97,9 +97,9 @@
4
 my $view    = $cgi->param("view");
5
 my $version = $cgi->param("version");
6
 my $sess_id = $cgi->param('session_id');
7
-$version ||= '5.2.11-ru';
8
+$version ||= '5.2.12-ru';
9
 if ( $version eq '__PRODUCT_VERSION' . '_ID__' ) {
10
-    $version = '5.2.11';
11
+    $version = '5.2.12';
12
 }
13
 
14
 my ( $mt, $LH );
(-)./files/patch-mt-static__css__main.css (+8 lines)
Line 0 Link Here
1
--- mt-static/css/main.css.orig	2014-12-11 01:28:23.000000000 +0900
2
+++ mt-static/css/main.css	2015-02-13 11:24:07.000000000 +0900
3
@@ -1,4 +1,4 @@
4
-/* Movable Type (r) Open Source (C) 2001-2014 Six Apart, Ltd.
5
+/* Movable Type (r) Open Source (C) 2001-2015 Six Apart, Ltd.
6
  * This file is combined from multiple sources.  Consult the source files for their
7
  * respective licenses and copyrights.
8
  */html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;}body{margin:0;}h1,
(-)./files/patch-mt-static__css__simple.css (+8 lines)
Line 0 Link Here
1
--- mt-static/css/simple.css.orig	2014-12-11 01:28:24.000000000 +0900
2
+++ mt-static/css/simple.css	2015-02-13 11:25:05.000000000 +0900
3
@@ -1,4 +1,4 @@
4
-/* Movable Type (r) Open Source (C) 2001-2014 Six Apart, Ltd.
5
+/* Movable Type (r) Open Source (C) 2001-2015 Six Apart, Ltd.
6
  * This file is combined from multiple sources.  Consult the source files for their
7
  * respective licenses and copyrights.
8
  */html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;}body{margin:0;}h1,
(-)./files/patch-mt-static__js__editor.js (+8 lines)
Line 0 Link Here
1
--- mt-static/js/editor.js.orig	2014-12-11 01:28:22.000000000 +0900
2
+++ mt-static/js/editor.js	2015-02-13 11:25:40.000000000 +0900
3
@@ -1,4 +1,4 @@
4
-/* Movable Type (r) Open Source (C) 2001-2014 Six Apart, Ltd.
5
+/* Movable Type (r) Open Source (C) 2001-2015 Six Apart, Ltd.
6
  * This file is combined from multiple sources.  Consult the source files for their
7
  * respective licenses and copyrights.
8
  */;(function($){MT.EditorManager=function(){this.init.apply(this,arguments);};$.extend(MT.EditorManager,{editors:{},editorsForFormat:{},map:{},defaultWrapTag:'div',defaultWrapClass:'mt-editor-manager-wrap',register:function(id,editor){var thisConstructor=this;this.editors[id]=editor;$.each(editor.formatsForCurrentContext(),function(){if(!thisConstructor.editorsForFormat[this]){thisConstructor.editorsForFormat[this]=[];}
(-)./files/patch-mt-static_js_mt_core_compact.js (+8 lines)
Line 0 Link Here
1
--- mt-static/js/mt_core_compact.js.orig	2014-12-11 01:28:22.000000000 +0900
2
+++ mt-static/js/mt_core_compact.js	2015-02-13 11:26:17.000000000 +0900
3
@@ -1,4 +1,4 @@
4
-/* Movable Type (r) Open Source (C) 2001-2014 Six Apart, Ltd.
5
+/* Movable Type (r) Open Source (C) 2001-2015 Six Apart, Ltd.
6
  * This file is combined from multiple sources.  Consult the source files for their
7
  * respective licenses and copyrights.
8
  */defined=function(x){return x!==undefined;};exists=function(x){return(x===undefined||x===null)?false:true;};truth=function(x){return(x&&x!="0")?true:false;};finite=function(x){return isFinite(x)?x:0;};finiteInt=function(x,b){return finite(parseInt(x,b));};finiteFloat=function(x){return finite(parseFloat(x));};max=function(){var a=arguments;var n=a[0];for(var i=1;i<a.length;i++)
(-)./files/patch-php_mt.php (+24 lines)
Line 0 Link Here
1
--- php/mt.php.orig	2014-12-11 01:28:20.000000000 +0900
2
+++ php/mt.php	2015-02-13 11:27:05.000000000 +0900
3
@@ -11,7 +11,7 @@
4
 require_once('lib/class.exception.php');
5
 
6
 define('VERSION', '5.2');
7
-define('PRODUCT_VERSION', '5.2.11');
8
+define('PRODUCT_VERSION', '5.2.12');
9
 
10
 $PRODUCT_NAME = 'Movable Type';
11
 if($PRODUCT_NAME == '__PRODUCT' . '_NAME__')
12
@@ -20,10 +20,10 @@
13
 
14
 $RELEASE_NUMBER = '11';
15
 if ( $RELEASE_NUMBER == '__RELEASE_' . 'NUMBER__' )
16
-    $RELEASE_NUMBER = 11;
17
+    $RELEASE_NUMBER = 12;
18
 define('RELEASE_NUMBER', $RELEASE_NUMBER);
19
 
20
-$PRODUCT_VERSION_ID = '5.2.11-ru';
21
+$PRODUCT_VERSION_ID = '5.2.12-ru';
22
 if ( $PRODUCT_VERSION_ID == '__PRODUCT_' . 'VERSION_ID__' )
23
     $PRODUCT_VERSION_ID = PRODUCT_VERSION;
24
 $VERSION_STRING;

Return to bug 197588