
WebCalendar-1.2.4-3.fc16.src.rpm

diff -Naur WebCalendar-1.2.4.orig/includes/classes/hKit/hcal.profile.php WebCalendar-1.2.4.new/includes/classes/hKit/hcal.profile.php
--- WebCalendar-1.2.4.orig/includes/classes/hKit/hcal.profile.php	2007-08-06 04:28:33.000000000 +0200
+++ WebCalendar-1.2.4.new/includes/classes/hKit/hcal.profile.php	2011-09-30 18:19:06.397245502 +0200
@@ -2,6 +2,9 @@
   // hcal profile for hkit
   // hacked together by Ray Jones 06/26/2006
 
+  if (!isset($this))			// Prevent CVE-2011-3814.
+    die();
+
   $this->root_class = 'vevent';
 
   $this->classes = array (
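Review bot: The guard added at the top of hcal.profile.php exits with a bare `die();`, whereas every other guard in this patch prints 'You cannot access this file directly!'. Giving it the same message, `if (!isset($this)) die('You cannot access this file directly!');`, keeps direct-access behaviour uniform across the include files. The comment names only the CVE; a short reason would help the next maintainer, for example `// Direct requests have no $this; stop before the assignments below raise an error (CVE-2011-3814).` The rest of the profile file lies outside the hunk.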
@@ -57,4 +60,4 @@
     $vevent = array_change_key_case($vevent, CASE_UPPER);
   }
 
-?>
\ No newline at end of file
+?>
diff -Naur WebCalendar-1.2.4.orig/includes/common_admin_pref.php WebCalendar-1.2.4.new/includes/common_admin_pref.php
--- WebCalendar-1.2.4.orig/includes/common_admin_pref.php	2007-07-28 21:21:57.000000000 +0200
+++ WebCalendar-1.2.4.new/includes/common_admin_pref.php	2011-09-30 18:19:06.417244020 +0200
@@ -2,6 +2,7 @@
 /* Consolidating parts of admin.php and pref.php.
  * $Id: common_admin_pref.php,v 1.4 2007/07/28 19:21:57 bbannon Exp $
  */
+function_exists('translate') or die('You cannot access this file directly!');
 // .
 // Force the CSS cache to clear by incrementing webcalendar_csscache cookie.
 $webcalendar_csscache = 1;
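Review bot: This guard tests `function_exists('translate')` as its "was I included by the application" marker, while help_list.php in the same patch tests the `_ISVALID` constant, so the include files now follow two different conventions. If `_ISVALID` is defined on every path that loads common_admin_pref.php (not visible from this hunk), `defined ( '_ISVALID' ) or die ( 'You cannot access this file directly!' );` would be the consistent form. The date_formats.php hunk uses the same function_exists pattern with `reset_language`. Denying web access to the includes/ directory in the server configuration would cover files that have no guard at all.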
@@ -334,4 +335,4 @@
   load_user_preferences ();
 }
 
-?>
\ No newline at end of file
+?>
diff -Naur WebCalendar-1.2.4.orig/includes/date_formats.php WebCalendar-1.2.4.new/includes/date_formats.php
--- WebCalendar-1.2.4.orig/includes/date_formats.php	2007-08-06 04:28:32.000000000 +0200
+++ WebCalendar-1.2.4.new/includes/date_formats.php	2011-09-30 18:19:06.418243948 +0200
@@ -22,6 +22,7 @@
 // .
 // This will force $LANGUAGE to the current value
 // and eliminate having to double click the 'SAVE' button.
+function_exists('reset_language') or die('You cannot access this file directly!');
 reset_language ( get_pref_setting ( $login, 'LANGUAGE' ) );
 define_languages (); // Load the language list.
 reset ( $languages );
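Review bot: The guard is inserted at line 25 of date_formats.php, directly before the `reset_language` call, rather than as the first statement of the file. Lines 1 to 21 are outside the hunk; if any of them execute code that depends on application state, a direct request still reaches them before the `die`. Moving `function_exists('reset_language') or die('You cannot access this file directly!');` to the top of the file, as done in common_admin_pref.php, removes that dependency on what precedes it.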
diff -Naur WebCalendar-1.2.4.orig/includes/help_list.php WebCalendar-1.2.4.new/includes/help_list.php
--- WebCalendar-1.2.4.orig/includes/help_list.php	2008-02-12 20:08:52.000000000 +0100
+++ WebCalendar-1.2.4.new/includes/help_list.php	2011-09-30 18:19:06.418243948 +0200
@@ -5,7 +5,7 @@
  * This should make it easier to add new help screens without having to
  * touch each file every time.
 */
-defined ( '_ISVALID' ) or ( 'You cannot access this file directly!' );
+defined ( '_ISVALID' ) or die( 'You cannot access this file directly!' );
 // DO NOT DELETE translate ( 'Index' ) translate ( 'Documentation' )
 $help_list = array ();
 $help_list['Index'] = 'help_index.php';
diff -Naur WebCalendar-1.2.4.orig/includes/js/visible.php WebCalendar-1.2.4.new/includes/js/visible.php
--- WebCalendar-1.2.4.orig/includes/js/visible.php	2008-01-28 21:17:08.000000000 +0100
+++ WebCalendar-1.2.4.new/includes/js/visible.php	2011-09-30 18:19:06.418243948 +0200
@@ -183,7 +183,12 @@
   colorCell.style.backgroundColor = "#000000";
   input.select ();
   input.focus ();
-  alert ( '<?php etranslate ( 'Invalid Color', true ) ?>');
+  alert ( '<?php
+	$m = 'Invalid Color';
+	if (function_exists('etranslate'))	// Prevent CVE-2011-3814.
+		etranslate($m, true);
+	else 
+		echo $m; ?>');
  } else {
   colorCell.style.backgroundColor = color;
  }
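Review bot: The new PHP block assigns `$m` in whatever scope includes visible.php, so an existing `$m` in the including script would be overwritten with 'Invalid Color' from this point on. The literal can stay in the calls instead: `if (function_exists('etranslate')) etranslate('Invalid Color', true); else echo 'Invalid Color';`. That form also keeps the string visible to any tool that collects `translate ( '...' )` literals from the source, which the "DO NOT DELETE translate ( 'Index' )" comment in help_list.php suggests exists. Only this one call is guarded; other translation calls in the file, outside the hunk, would presumably still fail on a direct request. The surrounding JavaScript function starts and ends outside the hunk.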
diff -Naur WebCalendar-1.2.4.orig/ws/login.php WebCalendar-1.2.4.new/ws/login.php
--- WebCalendar-1.2.4.orig/ws/login.php	2011-08-07 19:56:16.000000000 +0200
+++ WebCalendar-1.2.4.new/ws/login.php	2011-09-30 18:23:16.913819417 +0200
@@ -9,15 +9,13 @@
                           // relative to current working directory.
 define ( '__WC_INCLUDEDIR', '../includes' );
 
-include __WC_INCLUDEDIR . '/translate.php';
+foreach (array('config', 'dbi4php', 'formvars', 'functions', 'translate') as $i)
+  include_once __WC_INCLUDEDIR . '/' . $i . '.php';
+
 require_once __WC_INCLUDEDIR . '/classes/WebCalendar.class';
 
 $WebCalendar = new WebCalendar ( __FILE__ );
 
-include __WC_INCLUDEDIR . '/config.php';
-include __WC_INCLUDEDIR . '/dbi4php.php';
-include __WC_INCLUDEDIR . '/functions.php';
-
 $WebCalendar->initializeFirstPhase ();
 
 include __WC_INCLUDEDIR . '/' .$user_inc;
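Review bot: The new loop loads config, dbi4php, formvars, functions and translate with `include_once`, which only raises a warning when a file is missing and lets the script continue into `new WebCalendar` and `initializeFirstPhase ()` without them. `require_once __WC_INCLUDEDIR . '/' . $i . '.php';` stops at the first missing file instead. The loop also leaves `$i` set in the global scope of a script that goes on to include further files; `unset($i);` after the loop avoids that. The ws/ws.php hunk has the same loop and additionally changes the three class files from `require_once` to `include_once`, so the same point applies there.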
diff -Naur WebCalendar-1.2.4.orig/ws/ws.php WebCalendar-1.2.4.new/ws/ws.php
--- WebCalendar-1.2.4.orig/ws/ws.php	2011-08-07 19:56:16.000000000 +0200
+++ WebCalendar-1.2.4.new/ws/ws.php	2011-09-30 18:26:27.827774230 +0200
@@ -19,23 +19,17 @@
                           // relative to current working directory.
 define ( '__WC_INCLUDEDIR', '../includes' );
 
-  include_once __WC_INCLUDEDIR . '/translate.php';
-  require_once __WC_INCLUDEDIR . '/classes/WebCalendar.class';
-  require_once __WC_INCLUDEDIR . '/classes/Event.class';
-  require_once __WC_INCLUDEDIR . '/classes/RptEvent.class';
+  foreach(array('access', 'config', 'dbi4php', 'formvars', 'functions',
+		'site_extras', 'translate', 'validate') as $i)
+    include_once __WC_INCLUDEDIR . '/' . $i . '.php';
 
-  $WebCalendar = new WebCalendar ( __FILE__ );
-
-  include_once __WC_INCLUDEDIR . '/config.php';
-  include_once __WC_INCLUDEDIR . '/dbi4php.php';
-  include_once __WC_INCLUDEDIR . '/access.php';
-  include_once __WC_INCLUDEDIR . '/functions.php';
+  foreach(array('WebCalendar', 'Event', 'RptEvent') as $i)
+    include_once __WC_INCLUDEDIR . '/classes/' . $i . '.class';
 
+  $WebCalendar = new WebCalendar ( __FILE__ );
   $WebCalendar->initializeFirstPhase ();
 
   include_once __WC_INCLUDEDIR . '/' . $user_inc;
-  include_once __WC_INCLUDEDIR . '/validate.php';
-  include_once __WC_INCLUDEDIR . '/site_extras.php';
 
   $WebCalendar->initializeSecondPhase ();