ports/137681: [Patch] www/wordpress: Remote admin reset password

[Steven Kreuzer]

>Number:         137681
>Category:       ports
>Synopsis:       [Patch] www/wordpress: Remote admin reset password
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 11 21:30:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Steven Kreuzer
>Release:        FreeBSD 7.1-PRERELEASE amd64
>Organization:
>Environment:
System: FreeBSD slurry.exit2shell.com 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #3: Mon Nov 24 14:01:09 EST 2008
>Description:
Include patch from upstream vendor to address the remote admin reset password
security vulnerability described in http://www.milw0rm.com/exploits/9410

Added file(s):
- files/patch-wp-login.php

Port maintainer (ychsiao at ychsiao.org) is cc'd.

Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:

--- wordpress-2.8.3_1,1.patch begins here ---
Index: Makefile
===================================================================
RCS file: /usr/share/cvs/freebsd/ports/www/wordpress/Makefile,v
retrieving revision 1.51
diff -u -u -r1.51 Makefile
--- Makefile	5 Aug 2009 07:50:43 -0000	1.51
+++ Makefile	11 Aug 2009 21:14:53 -0000
@@ -7,6 +7,7 @@
 
 PORTNAME=	wordpress
 PORTVERSION=	2.8.3
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	www
 MASTER_SITES=	http://wordpress.org/ \
@@ -35,6 +36,7 @@
 	@sleep 1
 
 pre-install:
+	${RM} ${WRKSRC}/wp-login.php.orig
 	cd ${WRKSRC} && ${FIND} -s * -type f | \
 		${SED} -e 's|^|${WORDPRESS}/|' > ${PLIST} \
 		&& ${FIND} -d * -type d | \
Index: files/patch-wp-login.php
===================================================================
RCS file: files/patch-wp-login.php
diff -N files/patch-wp-login.php
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ files/patch-wp-login.php	11 Aug 2009 21:23:18 -0000
@@ -0,0 +1,11 @@
+--- wp-login.php.orig	2009-08-11 16:57:43.000000000 -0400
++++ wp-login.php	2009-08-11 17:00:45.000000000 -0400
+@@ -187,7 +187,7 @@
+ 
+ 	$key = preg_replace('/[^a-z0-9]/i', '', $key);
+ 
+-	if ( empty( $key ) )
++	if ( empty( $key ) || is_array( $key ) )
+ 		return new WP_Error('invalid_key', __('Invalid key'));
+ 
+ 	$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key));
--- wordpress-2.8.3_1,1.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted: