OSDN Git Service

(root) / pukiwiki / pukiwiki.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c6ff3c3)
Added about OS command injection
authorhenoheno <henoheno>
Tue, 30 May 2006 14:51:25 +0000 (23:51 +0900)
committerhenoheno <henoheno>
Tue, 30 May 2006 14:51:25 +0000 (23:51 +0900)
UPDATING.txt patch | blob | history

diff --git a/UPDATING.txt b/UPDATING.txt
index 29244d4..ba9d63f 100644 (file)
--- a/UPDATING.txt
+++ b/UPDATING.txt
@@ -1,5 +1,5 @@
 PukiWiki UPDATING
-$Id: UPDATING.txt,v 1.35 2006/05/29 15:16:04 henoheno Exp $
+$Id: UPDATING.txt,v 1.36 2006/05/30 14:51:25 henoheno Exp $
 
 
 ¸ß´¹À­¤Ë´Ø¤¹¤ëµ­½Ò
@@ -7,16 +7,26 @@ $Id: UPDATING.txt,v 1.35 2006/05/29 15:16:04 henoheno Exp $
 
 PukiWiki 1.4.7: PukiWiki 1.4.6 ¤È¤ÎÈó¸ß´¹ÅÀ
 
-   1. ´ÉÍý¼Ô¥Ñ¥¹¥ï¡¼¥É¤Î½é´üÃͤ¬ 'pass' ¤Ç¤Ï¤Ê¤¯¤Ê¤ê¤Þ¤·¤¿¡£´ÉÍý¼Ô¤¬²¿¤«
-     ÀßÄꤹ¤ë¤Þ¤Ç¤Ï¡¢±Ê±ó¤ËȽÄê¤Ë¼ºÇÔ¤·¤Þ¤¹¡£
-     ¢¨1.4.6¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï¤½¤Î¤Þ¤Þ»È¤¨¤Þ¤¹¡£
-     ¢¨1.4.6°Ê¹ß¡¢¥Ñ¥¹¥ï¡¼¥É¤ÎÊݸ·Á¼°¤ÏÊѲ½¤·¤Æ¤¤¤Þ¤¹¡£
-
-   2. ½é´ü¥³¥ó¥Æ¥ó¥Ä¤Î̾¾ÎÊѹ¹¤Ê¤É
-     ¥Þ¥ë¥Á¥Ð¥¤¥Èʸ»úÎó¤Ë°Í¸¤·¤¿¥Õ¥¡¥¤¥ë̾¤¬½é´ü¥³¥ó¥Æ¥ó¥Ä¤Ë´Þ¤Þ¤ì¤Æ¤¤¤¿
-     ÌäÂê¤ò²ò¾Ã¤·¤¿·ë²Ì¡¢°Ê²¼¤Î¥Ú¡¼¥¸¤Î̾¾Î¤¬Êѹ¹¤µ¤ì¤Þ¤·¤¿¡£
-     ²áµî¤Î¥Ð¡¼¥¸¥ç¥ó¤Î¥³¥ó¥Æ¥ó¥Ä¤ò 1.4.7 ¤Ë°Ü¿¢¤¹¤ë¾ì¹ç¡¢¤³¤ì¤é¤Î¥Ú¡¼¥¸
-     ¤ò˺¤ì¤º¤ËÀßÃÖ¤·¡¢"Åà·ë"¤·¤Æ²¼¤µ¤¤¡£
+   1. ´ÉÍý¼Ô¥Ñ¥¹¥ï¡¼¥É($adminpass)¤Î¥Ç¥Õ¥©¥ë¥ÈÃͤÎÊѹ¹
+     ¥Ç¥Õ¥©¥ë¥ÈÃͤ¬ "pass" ¤«¤é¡¢"ÀäÂФ˼ºÇÔ¤¹¤ëʸ»úÎó" ¤Ë½¤Àµ¤µ¤ì¤Þ¤·¤¿¡£´É
+     Íý¼Ô¤¬Å¬ÀÚ¤ÊÃͤòÀßÄꤹ¤ë¤Þ¤Ç¤Ï±Ê±ó¤ËȽÄê¤Ë¼ºÇÔ¤·¤Þ¤¹¡£
+       ¢¨1.4.6¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï¤½¤Î¤Þ¤Þ»ÈÍѤǤ­¤Þ¤¹¡£
+       ¢¨1.4.6°Ê¹ß¡¢¥Ñ¥¹¥ï¡¼¥É¤ÎÊݸ·Á¼°¤ÏÊѹ¹¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
+         (See BugTrack/709)
+
+   2. ¥³¥Þ¥ó¥É¼Â¹Ôµ¡Ç½¤Î»ÅÍÍÊѹ¹
+     ¥Ú¡¼¥¸¤¬¹¹¿·¤µ¤ì¤ëÅ٤ˡ¢"´ÉÍý¼Ô¤¬»ØÄꤷ¤¿¥³¥Þ¥ó¥É" ¤ò¥µ¡¼¥Ð¡¼ÆâÉô¤Ç¼Â¹Ô
+     ¤¹¤ë¤¿¤á¤Î¥°¥í¡¼¥Ð¥ëÊÑ¿ô($update_exec)¤Ï¡¢Äê¿ô(PKWK_UPDATE_ EXEC)¤Ë¤Ê¤ê
+     ¤Þ¤·¤¿¡£
+     
+     ¥°¥í¡¼¥Ð¥ëÊÑ¿ô¤Ë¥³¥Þ¥ó¥Éʸ»úÎó¤ò³ÊǼ¤·¤Æ¤¤¤ë¾ì¹ç¡¢°­°Õ¤Î¤¢¤ëÂè»°¼Ô¤¬ºîÀ®
+     ¤·¤¿¥×¥é¥°¥¤¥ó¤Ê¤É¤Ë¤è¤Ã¤Æ¡¢ÃͤòưŪ¤Ë²þÊѤµ¤ì¤ë²ÄǽÀ­¤¬¤¢¤ê¤Þ¤¹¡£
+
+   3. ½é´ü¥³¥ó¥Æ¥ó¥Ä¤Î̾¾ÎÊѹ¹
+     ¥Þ¥ë¥Á¥Ð¥¤¥Èʸ»úÎó¤Ë°Í¸¤·¤¿¥Õ¥¡¥¤¥ë̾¤¬½é´ü¥³¥ó¥Æ¥ó¥Ä¤Ë´Þ¤Þ¤ì¤Æ¤¤¤¿ÌäÂê
+     ¤ò²ò¾Ã¤·¤¿·ë²Ì¡¢°Ê²¼¤Î¥Ú¡¼¥¸¤Î̾¾Î¤¬Êѹ¹¤µ¤ì¤Þ¤·¤¿¡£²áµî¤Î¥Ð¡¼¥¸¥ç¥ó¤Çºî
+     À®¤·¤Æ¤¤¤¿¥³¥ó¥Æ¥ó¥Ä¤ò 1.4.7 ¤Ë°Ü¿¢¤¹¤ë¾ì¹ç¡¢¤³¤ì¤é¤Î¥Ú¡¼¥¸¤ò˺¤ì¤º¤ËÀß
+     ÃÖ¤·¡¢"Åà·ë"¤·¤Æ²¼¤µ¤¤¡£
 
        "À°·Á¥ë¡¼¥ë" => "FormattingRules"
           (ÊÔ½¸»þ¤Î¥ê¥ó¥¯¤«¤é»²¾È¤µ¤ì¤Æ¤¤¤Þ¤¹)
@@ -31,16 +41,17 @@ PukiWiki 1.4.7: PukiWiki 1.4.6 
 
      (See BugTrack2/118)
 
-   3. ¤¤¤¯¤Ä¤«¤Î¥Õ¥¡¥¤¥ë¤¬ÅºÉÕ¤µ¤ì¤Ê¤¯¤Ê¤ê¤Þ¤·¤¿¡£
-
-     pukiwiki.php   : É¬ÍפǤ¢¤ì¤Ð index.php ¤ò¥³¥Ô¡¼¤·¤Æ¤ª»È¤¤²¼¤µ¤¤¡£
-     skin/default.js: ¤É¤³¤«¤é¤âÍøÍѤµ¤ì¤Æ¤¤¤Þ¤»¤ó¤Ç¤·¤¿¡£
+   4. ²¼µ­¤Î¥Õ¥¡¥¤¥ë¤¬ÅºÉÕ¤µ¤ì¤Ê¤¯¤Ê¤ê¤Þ¤·¤¿¡£
+     pukiwiki.php    : É¬ÍפǤ¢¤ì¤Ð index.php ¤ò¥³¥Ô¡¼¤·¤Æ¤ª»È¤¤²¼¤µ¤¤¡£
+     skin/default.js : ¤É¤³¤«¤é¤âÍøÍѤµ¤ì¤Æ¤¤¤Þ¤»¤ó¤Ç¤·¤¿¡£
 
-   4. µÓÃí¤ËËä¤á¹þ¤Þ¤ì¤Æ¤¤¤¿ "µÓÃí¤½¤Î¤â¤Î(ʸ»úÎó)" ¤Ï¡¢º£¸å¤ÏÁ´Ê¸¤Ç¤Ï¤Ê¤¯
+   5. µÓÃí¤ËËä¤á¹þ¤Þ¤ì¤Æ¤¤¤¿ "µÓÃí¤½¤Î¤â¤Î(ʸ»úÎó)" ¤Ï¡¢º£¸å¤ÏÁ´Ê¸¤Ç¤Ï¤Ê¤¯¡¢
      ·è¤á¤é¤ì¤¿Ê¸»ú¿ô¤À¤±½ÐÎϤµ¤ì¤Þ¤¹¡£ (See BugTrack/420)
 
-   5. ¤¤¤¯¤Ä¤«¤Îɸ½àźÉեץ饰¥¤¥ó¤Ï¡¢$non_list(°ìÍ÷¤·¤Ê¤¤¥Ñ¥¿¡¼¥ó) ¤Ë¹çÃ×
-     ¤¹¤ë¥Ú¡¼¥¸¤òɽ¼¨¤·¤Ê¤¯¤Ê¤ê¤Þ¤·¤¿¡£ (See BugTrack2/140)
+   6. °Ê²¼¤ÎÉեץ饰¥¤¥ó¤Ï¡¢$non_list(°ìÍ÷¤·¤Ê¤¤¥Ñ¥¿¡¼¥ó) ¤Ë¹çÃפ¹¤ë¥Ú¡¼¥¸¤ò
+     É½¼¨¤·¤Ê¤¯¤Ê¤ê¤Þ¤·¤¿¡£
+       attach, popular, related, touchgraph, yetlist
+     (See BugTrack2/140, BugTrack2/175)
 
 
 PukiWiki 1.4.6: PukiWiki 1.4.5_1 ¤È¤ÎÈó¸ß´¹ÅÀ
About OSDN
Find Software
Develop Software
Help