File otrs-2.4.9-CVE-2011-1518.patch of Package otrs.import4509
diff -ruN otrs-2.4.9-orig/Kernel/Output/HTML/Layout.pm otrs-2.4.9/Kernel/Output/HTML/Layout.pm
--- otrs-2.4.9-orig/Kernel/Output/HTML/Layout.pm 2010-09-22 13:54:00.000000000 +0200
+++ otrs-2.4.9/Kernel/Output/HTML/Layout.pm 2011-03-16 16:27:56.000000000 +0100
@@ -1,8 +1,8 @@
# --
# Kernel/Output/HTML/Layout.pm - provides generic HTML output
-# Copyright (C) 2001-2010 OTRS AG, http://otrs.org/
+# Copyright (C) 2001-2011 OTRS AG, http://otrs.org/
# --
-# $Id: Layout.pm,v 1.176.2.23 2010/09/22 11:54:00 mg Exp $
+# $Id: Layout.pm,v 1.176.2.25 2011/03/16 15:27:56 mg Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
@@ -20,7 +20,7 @@
use Kernel::System::HTMLUtils;
use vars qw(@ISA $VERSION);
-$VERSION = qw($Revision: 1.176.2.23 $) [1];
+$VERSION = qw($Revision: 1.176.2.25 $) [1];
=head1 NAME
@@ -1418,10 +1418,6 @@
Type => 'Error',
What => $_
) || '';
- $Param{$Backend} = $Self->Ascii2Html(
- Text => $Param{$Backend},
- HTMLResultMode => 1,
- );
}
if ( !$Param{BackendMessage} && !$Param{BackendTraceback} ) {
$Self->{LogObject}->Log(
@@ -1434,10 +1430,6 @@
Type => 'Error',
What => $_
) || '';
- $Param{$Backend} = $Self->Ascii2Html(
- Text => $Param{$Backend},
- HTMLResultMode => 1,
- );
}
}
if ( !$Param{Message} ) {
@@ -1461,10 +1453,6 @@
Type => 'Error',
What => 'Message',
) || '';
- $Param{BackendMessage} = $Self->Ascii2Html(
- Text => $Param{BackendMessage},
- HTMLResultMode => 1,
- );
if ( !$Param{Message} ) {
$Param{Message} = $Param{BackendMessage};
@@ -4166,10 +4154,6 @@
Type => 'Error',
What => $_
) || '';
- $Param{ 'Backend' . $_ } = $Self->Ascii2Html(
- Text => $Param{ 'Backend' . $_ },
- HTMLResultMode => 1,
- );
}
if ( !$Param{BackendMessage} && !$Param{BackendTraceback} ) {
$Self->{LogObject}->Log(
@@ -4181,10 +4165,6 @@
Type => 'Error',
What => $_
) || '';
- $Param{ 'Backend' . $_ } = $Self->Ascii2Html(
- Text => $Param{ 'Backend' . $_ },
- HTMLResultMode => 1,
- );
}
}
@@ -4208,10 +4188,6 @@
Type => 'Error',
What => 'Message',
) || '';
- $Param{BackendMessage} = $Self->Ascii2Html(
- Text => $Param{BackendMessage},
- HTMLResultMode => 1,
- );
if ( !$Param{Message} ) {
$Param{Message} = $Param{BackendMessage};
@@ -4432,6 +4408,6 @@
=head1 VERSION
-$Revision: 1.176.2.23 $ $Date: 2010/09/22 11:54:00 $
+$Revision: 1.176.2.25 $ $Date: 2011/03/16 15:27:56 $
=cut
diff -ruN otrs-2.4.9-orig/Kernel/Output/HTML/Lite/Warning.dtl otrs-2.4.9/Kernel/Output/HTML/Lite/Warning.dtl
--- otrs-2.4.9-orig/Kernel/Output/HTML/Lite/Warning.dtl 2009-02-16 12:16:22.000000000 +0100
+++ otrs-2.4.9/Kernel/Output/HTML/Lite/Warning.dtl 2011-03-16 12:54:44.000000000 +0100
@@ -1,8 +1,8 @@
# --
# Warning.dtl - provides HTML warning screen
-# Copyright (C) 2001-2009 OTRS AG, http://otrs.org/
+# Copyright (C) 2001-2011 OTRS AG, http://otrs.org/
# --
-# $Id: Warning.dtl,v 1.10 2009/02/16 11:16:22 tr Exp $
+# $Id: Warning.dtl,v 1.10.2.1 2011/03/16 11:54:44 mg Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
@@ -11,22 +11,22 @@
<center>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
- <tr>
- <td class="contenthead">
- <p>
- <font color="red" size="+1">$Text{"Warning"}: $Data{"Message"}</font>
- </p>
- </td>
- </tr>
- <tr>
- <td class="mainbody">
- <table>
- <tr>
- <td class="table1" valign="top"><b>$Text{"Comment"}:</b></td>
- <td class="table1" valign="top">$Text{"$Data{"Comment"}"}</td>
- </tr>
- </table>
- </td>
- </tr>
+ <tr>
+ <td class="contenthead">
+ <p>
+ <font color="red" size="+1">$Text{"Warning"}: $QData{"Message"}</font>
+ </p>
+ </td>
+ </tr>
+ <tr>
+ <td class="mainbody">
+ <table>
+ <tr>
+ <td class="table1" valign="top"><b>$Text{"Comment"}:</b></td>
+ <td class="table1" valign="top">$Text{"$Data{"Comment"}"}</td>
+ </tr>
+ </table>
+ </td>
+ </tr>
</table>
</center>
diff -ruN otrs-2.4.9-orig/Kernel/Output/HTML/Standard/CustomerError.dtl otrs-2.4.9/Kernel/Output/HTML/Standard/CustomerError.dtl
--- otrs-2.4.9-orig/Kernel/Output/HTML/Standard/CustomerError.dtl 2009-02-16 12:07:25.000000000 +0100
+++ otrs-2.4.9/Kernel/Output/HTML/Standard/CustomerError.dtl 2011-03-16 16:27:56.000000000 +0100
@@ -1,8 +1,8 @@
# --
# CustomerError.dtl - provides HTML Error screen
-# Copyright (C) 2001-2009 OTRS AG, http://otrs.org/
+# Copyright (C) 2001-2011 OTRS AG, http://otrs.org/
# --
-# $Id: CustomerError.dtl,v 1.9 2009/02/16 11:07:25 tr Exp $
+# $Id: CustomerError.dtl,v 1.9.2.1 2011/03/16 15:27:56 mg Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
@@ -11,26 +11,26 @@
<center>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
- <tr>
- <td class="mainhead">
- <p>
- <font color="red" size="+1">$Text{"Error"}: $Data{"Message"}</font>
- </p>
- </td>
- </tr>
- <tr>
- <td class="menu">
- <table cellspacing="0" cellpadding="2" width="100%">
- <tr>
- <td class="menu" valign="top" width="100"><b>$Text{"Comment"}:</b></td>
- <td class="menu" valign="top">$Data{"Comment"}</td>
- </tr>
- <tr>
- <td class="mainbody" valign="top"><b>$Text{"Traceback"}:</b></td>
- <td class="mainbody" valign="top">$Data{"BackendTraceback"}</td>
- </tr>
- </table>
- </td>
- </tr>
+ <tr>
+ <td class="mainhead">
+ <p>
+ <font color="red" size="+1">$Text{"Error"}: $QData{"Message"}</font>
+ </p>
+ </td>
+ </tr>
+ <tr>
+ <td class="menu">
+ <table cellspacing="0" cellpadding="2" width="100%">
+ <tr>
+ <td class="menu" valign="top" width="100"><b>$Text{"Comment"}:</b></td>
+ <td class="menu" valign="top">$QData{"Comment"}</td>
+ </tr>
+ <tr>
+ <td class="mainbody" valign="top"><b>$Text{"Traceback"}:</b></td>
+ <td class="mainbody" valign="top"><pre>$QData{"BackendTraceback"}</pre></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
</table>
</center>
diff -ruN otrs-2.4.9-orig/Kernel/Output/HTML/Standard/Error.dtl otrs-2.4.9/Kernel/Output/HTML/Standard/Error.dtl
--- otrs-2.4.9-orig/Kernel/Output/HTML/Standard/Error.dtl 2009-02-16 12:07:25.000000000 +0100
+++ otrs-2.4.9/Kernel/Output/HTML/Standard/Error.dtl 2011-03-16 12:54:44.000000000 +0100
@@ -1,8 +1,8 @@
# --
# Error.dtl - provides HTML Error screen
-# Copyright (C) 2001-2009 OTRS AG, http://otrs.org/
+# Copyright (C) 2001-2011 OTRS AG, http://otrs.org/
# --
-# $Id: Error.dtl,v 1.19 2009/02/16 11:07:25 tr Exp $
+# $Id: Error.dtl,v 1.19.2.1 2011/03/16 11:54:44 mg Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
@@ -11,45 +11,45 @@
<center>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
- <tr>
- <td class="contenthead">
- <p>
- <font color="red" size="+1">$Text{"Error"}: $Data{"Message"}</font>
- </p>
- </td>
- </tr>
- <tr>
- <td class="mainbody">
- <table cellspacing="0" cellpadding="2" width="100%">
- <tr>
- <td class="mainkey" width="100">$Text{"Comment"}:</td>
- <td class="mainvalue">$Data{"Comment"}</td>
- </tr>
- <tr>
- <td class="mainkey">$Text{"Bug Report"}:</td>
- <td class="mainvalue">
- <form action="http://bugs.otrs.org/enter_bug.cgi">
- <input type="hidden" name="comment" value="
- Message:
+ <tr>
+ <td class="contenthead">
+ <p>
+ <font color="red" size="+1">$Text{"Error"}: $QData{"Message"}</font>
+ </p>
+ </td>
+ </tr>
+ <tr>
+ <td class="mainbody">
+ <table cellspacing="0" cellpadding="2" width="100%">
+ <tr>
+ <td class="mainkey" width="100">$Text{"Comment"}:</td>
+ <td class="mainvalue">$QData{"Comment"}</td>
+ </tr>
+ <tr>
+ <td class="mainkey">$Text{"Bug Report"}:</td>
+ <td class="mainvalue">
+ <form action="http://bugs.otrs.org/enter_bug.cgi">
+ <input type="hidden" name="comment" value="
+ Message:
$Data{"Message"}
- Comment:
+ Comment:
$Data{"Comment"}
- Traceback:
+ Traceback:
$Data{"BackendTraceback"}
- "/>
- <input type="hidden" name="bug_file_loc" value="$QEnv{"SERVER_NAME"}$QEnv{"REQUEST_URI"}"/>
- <input class="button" type="submit" value="$Text{"Click here to report a bug!"}"/>
- </form>
- </td>
- </tr>
- <tr>
- <td class="mainkey">$Text{"Traceback"}:</td>
- <td class="mainvalue">$Data{"BackendTraceback"}</td>
- </tr>
- </table>
- </td>
- </tr>
+ "/>
+ <input type="hidden" name="bug_file_loc" value="$QEnv{"SERVER_NAME"}$QEnv{"REQUEST_URI"}"/>
+ <input class="button" type="submit" value="$Text{"Click here to report a bug!"}"/>
+ </form>
+ </td>
+ </tr>
+ <tr>
+ <td class="mainkey">$Text{"Traceback"}:</td>
+ <td class="mainvalue">$QData{"BackendTraceback"}</td>
+ </tr>
+ </table>
+ </td>
+ </tr>
</table>
</center>
diff -ruN otrs-2.4.9-orig/Kernel/Output/HTML/Standard/Warning.dtl otrs-2.4.9/Kernel/Output/HTML/Standard/Warning.dtl
--- otrs-2.4.9-orig/Kernel/Output/HTML/Standard/Warning.dtl 2009-02-16 12:07:25.000000000 +0100
+++ otrs-2.4.9/Kernel/Output/HTML/Standard/Warning.dtl 2011-03-16 12:54:44.000000000 +0100
@@ -1,8 +1,8 @@
# --
# Warning.dtl - provides HTML warning screen
-# Copyright (C) 2001-2009 OTRS AG, http://otrs.org/
+# Copyright (C) 2001-2011 OTRS AG, http://otrs.org/
# --
-# $Id: Warning.dtl,v 1.9 2009/02/16 11:07:25 tr Exp $
+# $Id: Warning.dtl,v 1.9.2.1 2011/03/16 11:54:44 mg Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
@@ -11,22 +11,22 @@
<center>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
- <tr>
- <td class="contenthead">
- <p>
- <font color="red" size="+1">$Text{"Warning"}: $Data{"Message"}</font>
- </p>
- </td>
- </tr>
- <tr>
- <td class="mainbody">
- <table>
- <tr>
- <td class="table1" valign="top"><b>$Text{"Comment"}:</b></td>
- <td class="table1" valign="top">$Text{"$Data{"Comment"}"}</td>
- </tr>
- </table>
- </td>
- </tr>
+ <tr>
+ <td class="contenthead">
+ <p>
+ <font color="red" size="+1">$Text{"Warning"}: $QData{"Message"}</font>
+ </p>
+ </td>
+ </tr>
+ <tr>
+ <td class="mainbody">
+ <table>
+ <tr>
+ <td class="table1" valign="top"><b>$Text{"Comment"}:</b></td>
+ <td class="table1" valign="top">$Text{"$Data{"Comment"}"}</td>
+ </tr>
+ </table>
+ </td>
+ </tr>
</table>
</center>
