[icinga-checkins] icinga.org: icinga-web/r1.8: Security fix for YUI charts.swf (refs #3464)

git at icinga.org git at icinga.org
Thu Nov 29 17:39:09 CET 2012


Module: icinga-web
Branch: r1.8
Commit: 66c79984a759206fc347ef1bda209aeed8cc9ced
URL:    https://git.icinga.org/?p=icinga-web.git;a=commit;h=66c79984a759206fc347ef1bda209aeed8cc9ced

Author: Markus Frosch <markus.frosch at netways.de>
Date:   Tue Nov 27 15:49:45 2012 +0100

Security fix for YUI charts.swf (refs #3464)

Drop-in replacement of charts.swf from yuilibrary.com

Plus changes for the integration to make it useable

Please see
http://yuilibrary.com/support/20121030-vulnerability/

---

 app/modules/Cronks/config/javascript.xml           |    3 +-
 app/modules/Cronks/lib/js/Ext/ux/FlashComponent.js |   59 ++++++++++++++++++++
 lib/ext3/resources/charts.swf                      |  Bin 81653 -> 81326 bytes
 3 files changed, 61 insertions(+), 1 deletions(-)

diff --git a/app/modules/Cronks/config/javascript.xml b/app/modules/Cronks/config/javascript.xml
index 93fb721..2e2d40e 100755
--- a/app/modules/Cronks/config/javascript.xml
+++ b/app/modules/Cronks/config/javascript.xml
@@ -17,6 +17,7 @@
             <ae:parameter>%core.module_dir%/Cronks/lib/js//Ext/ux/form/MultiSelect.Override.js</ae:parameter>
             <ae:parameter>%core.module_dir%/Cronks/lib/js/Ext/ux/Portlet.js</ae:parameter>
             <ae:parameter>%core.module_dir%/Cronks/lib/js/Ext/ux/LazyStore.js</ae:parameter>
+            <ae:parameter>%core.module_dir%/Cronks/lib/js/Ext/ux/FlashComponent.js</ae:parameter>
             
             <!-- Misc libs -->
             <ae:parameter>%core.module_dir%/Cronks/lib/js/rmd160.js</ae:parameter>
@@ -120,4 +121,4 @@
             <ae:parameter>%core.module_dir%/Cronks/lib/js/Cronk/grid/MetaGridPanel.js</ae:parameter>
         </javascript>
     </ae:configuration>
-</ae:configurations>
\ No newline at end of file
+</ae:configurations>
diff --git a/app/modules/Cronks/lib/js/Ext/ux/FlashComponent.js b/app/modules/Cronks/lib/js/Ext/ux/FlashComponent.js
new file mode 100644
index 0000000..8e5dc32
--- /dev/null
+++ b/app/modules/Cronks/lib/js/Ext/ux/FlashComponent.js
@@ -0,0 +1,59 @@
+// {{{ICINGA_LICENSE_CODE}}}
+// -----------------------------------------------------------------------------
+// This file is part of icinga-web.
+//
+// Copyright (c) 2009-2012 Icinga Developer Team.
+// All rights reserved.
+//
+// icinga-web is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// icinga-web is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with icinga-web.  If not, see <http://www.gnu.org/licenses/>.
+// -----------------------------------------------------------------------------
+// {{{ICINGA_LICENSE_CODE}}}
+/*global Ext: false, Icinga: false, AppKit: false, _: false, Cronk: false */
+
+(function() {
+    "use strict";
+
+    Ext.ns('Ext.chart', 'YAHOO.widget');
+
+    /**
+     * @class Ext.chart.PieChart
+     * @overrides Ext.chart.PieChart
+     * @namespace Ext.chart
+     * @author Markus Frosch <markus.frosch at netways.de>
+     * @getId
+     */
+    Ext.override(Ext.chart.PieChart, {
+        /*
+          Replacing getId with a new version to give the YUI swf
+          an id that he wants and allows
+        */
+        getId: function() {
+            return this.id || (this.id = "yuiswf" + (++Ext.Component.AUTO_ID));
+        }
+    });
+
+    /**
+     * @class YAHOO.widget.SWF
+     * @extends Ext.FlashEventProxy
+     * @namespace YAHOO.widget
+     * @author Markus Frosch <markus.frosch at netways.de>
+     *
+     * A proxy object to call Ext.FlashEventProxy
+     * from a YUI flash component
+     */
+    YAHOO.widget.SWF = Ext.FlashEventProxy;
+    YAHOO.widget.SWF.eventHandler = function(id, e) {
+        this.onEvent(id, e);
+    };
+}());
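Review bot: The `getId` override covers only `Ext.chart.PieChart`, and only when `this.id` is unset, so any other Flash-backed chart class, or a pie chart created with an explicit `id` config, still passes its original id to the replaced charts.swf. If the patched swf rejects ids outside its allowed set, as the comment above `getId` implies, those charts would presumably stop rendering without a visible error. Consider applying the override to the shared base instead, e.g. `Ext.override(Ext.FlashComponent, { getId: ... })`, and state in the comment which id characters the swf accepts, so that the constraint is documented next to the workaround. Separately, `YAHOO.widget.SWF = Ext.FlashEventProxy;` creates an alias rather than a subclass, so the following assignment adds `eventHandler` to `Ext.FlashEventProxy` itself and the `@extends` tag is misleading. Calling `Ext.FlashEventProxy.onEvent(id, e);` instead of `this.onEvent(id, e);` would remove the dependency on how the swf binds `this` when it invokes the callback.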
diff --git a/lib/ext3/resources/charts.swf b/lib/ext3/resources/charts.swf
index 472ca22..27557da 100644
Binary files a/lib/ext3/resources/charts.swf and b/lib/ext3/resources/charts.swf differ




