SECURITY: Tighten default allowed file types; make sure search index rebuild is performed on upgrade
--- a/schema.sql Sun Nov 25 21:18:52 2007 -0500
+++ b/schema.sql Sun Nov 25 21:40:42 2007 -0500
@@ -271,7 +271,7 @@
('copyright_notice', '{{COPYRIGHT}}'),
('wiki_edit_notice_text', '== Why can I edit this page? ==\n\nEveryone can edit almost any page in this website. This concept is called a wiki. It gives everyone the opportunity to make a change for the best. While some spam and vandalism may occur, it is believed that most contributions will be legitimate and helpful.\n\nFor security purposes, a history of all page edits is kept, and administrators are able to restore vandalized or spammed pages with just a few clicks.'),
('cache_thumbs', '{{ENABLE_CACHE}}'),
- ('max_file_size', '256000'),('enano_version', '{{VERSION}}'),( 'allowed_mime_types', 'cbf:len=168;crc=c3dcad3f;data=0[1],1[4],0[3],1[1],0[2],1[1],0[11],1[1],0[7],1[1],0[9],1[1],0[6],1[3],0[10],1[1],0[2],1[2],0[1],1[1],0[1],1[2],0[6],1[3],0[1],1[1],0[2],1[4],0[1],1[2],0[3],1[1],0[4],1[2],0[26],1[5],0[6],1[2],0[2],1[1],0[4],1[1],0[10],1[2],0[1],1[1],0[6]|end' ),
+ ('max_file_size', '256000'),('enano_version', '{{VERSION}}'),( 'allowed_mime_types', 'cbf:len=185;crc=55fb6f14;data=0[1],1[4],0[3],1[1],0[22],1[1],0[16],1[3],0[16],1[1],0[1],1[2],0[6],1[1],0[1],1[1],0[4],1[2],0[3],1[1],0[48],1[2],0[2],1[1],0[4],1[1],0[37]|end' ),
('contact_email', '{{ADMIN_EMAIL}}'),
('powered_btn', '1');
--- a/upgrade.php Sun Nov 25 21:18:52 2007 -0500
+++ b/upgrade.php Sun Nov 25 21:40:42 2007 -0500
@@ -93,7 +93,7 @@
'1.0b4' => Array('u_1_0_RC1_update_user_ids', 'u_1_0_RC1_add_admins_to_group', 'u_1_0_RC1_alter_files_table', 'u_1_0_RC1_destroy_session_cookie', 'u_1_0_RC1_set_contact_email', 'u_1_0_RC1_update_page_text'), // ,
// '1.0RC2' => Array('u_1_0_populate_userpage_comments')
'1.0RC3' => Array('u_1_0_RC3_make_users_extra'),
- '1.0.2b1' => Array('u_1_0_2_nuke_template_cache')
+ '1.0.2b1' => Array('u_1_0_2_nuke_template_cache', 'u_1_0_2_rebuild_search_index')
);
if(!isset($_GET['mode']))
@@ -457,6 +457,13 @@
}
}
+function u_1_0_2_rebuild_search_index()
+{
+ global $paths;
+ @set_time_limit(0);
+ $paths->rebuild_search_index();
+}
+
switch($_GET['mode'])
{
case "login":
--- a/upgrade.sql Sun Nov 25 21:18:52 2007 -0500
+++ b/upgrade.sql Sun Nov 25 21:40:42 2007 -0500
@@ -17,6 +17,7 @@
ALTER TABLE {{TABLE_PREFIX}}pages MODIFY COLUMN urlname varchar(255), MODIFY COLUMN name varchar(255);
ALTER TABLE {{TABLE_PREFIX}}page_text MODIFY COLUMN page_id varchar(255), MODIFY COLUMN namespace varchar(63), MODIFY COLUMN page_text longtext;
@CREATE FULLTEXT INDEX {{TABLE_PREFIX}}page_search_idx ON {{TABLE_PREFIX}}page_text(page_id, namespace, page_text);
+UPDATE {{TABLE_PREFIX}}config SET config_value='cbf:len=185;crc=55fb6f14;data=0[1],1[4],0[3],1[1],0[22],1[1],0[16],1[3],0[16],1[1],0[1],1[2],0[6],1[1],0[1],1[1],0[4],1[2],0[3],1[1],0[48],1[2],0[2],1[1],0[4],1[1],0[37]|end' WHERE config_name = 'allowed_mime_types' AND config_value='cbf:len=168;crc=c3dcad3f;data=0[1],1[4],0[3],1[1],0[2],1[1],0[11],1[1],0[7],1[1],0[9],1[1],0[6],1[3],0[10],1[1],0[2],1[2],0[1],1[1],0[1],1[2],0[6],1[3],0[1],1[1],0[2],1[4],0[1],1[2],0[3],1[1],0[4],1[2],0[26],1[5],0[6],1[2],0[2],1[1],0[4],1[1],0[10],1[2],0[1],1[1],0[6]|end';
---END 1.0.2b1---
---BEGIN 1.0.1.1---
---END 1.0.1.1---