Analysis Report

Shared security patch analysis results

AI Used: DEEPSEEK deepseek-chat
426 filtered / 426 total files
scp/upgrade.php AI: No vulnerabilities
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/scp/upgrade.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/scp/upgrade.php@@ -25,7 +25,7 @@             if(!$ost->isUpgradePending()) {                 $errors['err']=__('Nothing to do! System already upgraded to the current version');             } elseif(!$upgrader->isUpgradable()) {-                $errors['err']=__('The upgrader does NOT support upgrading from the current vesion!');+                $errors['err']=__('The upgrader does NOT support upgrading from the current version!');             } elseif(!$upgrader->check_prereq()) {                 $errors['prereq']=__('Minimum requirements not met! Refer to Release Notes for more information');             } elseif(!strcasecmp(basename(CONFIG_FILE), 'settings.php')) {
AI Analysis
Let me analyze the provided code diff for security fixes.

Vulnerability Existed: no
[Typo Fix] [scp/upgrade.php] [Lines 25]
[Old Code]
$errors['err']=__('The upgrader does NOT support upgrading from the current vesion!');
[Fixed Code]
$errors['err']=__('The upgrader does NOT support upgrading from the current version!');

Additional Details:
This appears to be a simple typo correction where "vesion" was changed to "version" in an error message string. There is no security vulnerability being fixed here, just a spelling correction in user-facing text. The change doesn't affect any security-related functionality or introduce/remove any security controls.

No other vulnerabilities or potential security fixes were identified in the provided diff content. The rest of the diff shows unchanged context lines that don't indicate any security-related modifications.
CVE Analysis Results:
CVE-2025-45387: No
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
CVE-2025-26241: No
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
include/laminas-mail/vendor/laminas/laminas-validator/src/IsCountable.php AI: No vulnerabilities
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-validator/src/IsCountable.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-validator/src/IsCountable.php@@ -1,14 +1,13 @@ <?php-/**- * @see       https://github.com/laminas/laminas-validator for the canonical source repository- * @copyright https://github.com/laminas/laminas-validator/blob/master/COPYRIGHT.md- * @license   https://github.com/laminas/laminas-validator/blob/master/LICENSE.md New BSD License- */- namespace Laminas\Validator;-use Countable;+use Laminas\Stdlib\ArrayUtils;+use Traversable;++use function count;+use function is_countable;+use function is_numeric; /**  * Validate that a value is countable and the count meets expectations.@@ -24,18 +23,31 @@  * When creating the instance or calling `setOptions()`, if you specify a  * "count" option, specifying either "min" or "max" leads to an inconsistent  * state and, as such will raise an Exception\InvalidArgumentException.+ *+ * @psalm-type Options = array{+ *     count: int|null,+ *     min: int|null,+ *     max: int|null,+ * }+ * @psalm-type OptionsArgument = array{+ *     count?: int|null,+ *     min?: int|null,+ *     max?: int|null,+ * }&array<string, mixed>+ * @property Options&array<string, mixed> $options Required to stop Psalm getting confused about the declaration+ *                                                 on AbstractValidator  */ class IsCountable extends AbstractValidator {-    const NOT_COUNTABLE = 'notCountable';-    const NOT_EQUALS    = 'notEquals';-    const GREATER_THAN  = 'greaterThan';-    const LESS_THAN     = 'lessThan';+    public const NOT_COUNTABLE = 'notCountable';+    public const NOT_EQUALS    = 'notEquals';+    public const GREATER_THAN  = 'greaterThan';+    public const LESS_THAN     = 'lessThan';     /**      * Validation failure message template definitions      *-     * 
@var array+     * @var array<string, string>      */     protected $messageTemplates = [         self::NOT_COUNTABLE => 'The input must be an array or an instance of \\Countable',@@ -47,7 +59,7 @@     /**      * Additional variables available for validation failure messages      *-     * @var array+     * @var array<string, array{options: string}>      */     protected $messageVariables = [         'count' => ['options' => 'count'],@@ -55,41 +67,53 @@         'max'   => ['options' => 'max'],     ];-    /**-     * Options for the between validator-     *-     * @var array-     */+    /** @psalm-var Options */     protected $options = [         'count' => null,         'min'   => null,         'max'   => null,     ];+    /**+     * @param OptionsArgument|iterable<string, mixed> $options+     * @return $this Provides fluid interface+     */     public function setOptions($options = [])     {-        foreach (['count', 'min', 'max'] as $option) {-            if (! is_array($options) || ! isset($options[$option])) {-                continue;-            }--            $method = sprintf('set%s', ucfirst($option));-            $this->$method($options[$option]);-            unset($options[$option]);-        }--        return parent::setOptions($options);+        if ($options instanceof Traversable) {+            $options = ArrayUtils::iteratorToArray($options);+        }++        /** @psalm-var Options $options */++        if (isset($options['count'])) {+            $this->setCount($options['count']);+        }++        if (isset($options['min'])) {+            $this->setMin($options['min']);+        }++        if (isset($options['max'])) {+            $this->setMax($options['max']);+        }++        unset($options['count'], $options['min'], $options['max']);++        parent::setOptions($options);++        return $this;     }     /**      * Returns true if and only if $value is countable (and the count validates against optional values).      
*-     * @param  iterable $value+     * @param mixed $value      * @return bool      */     public function isValid($value)     {-        if (! (is_array($value) || $value instanceof Countable)) {+        if (! is_countable($value)) {             $this->error(self::NOT_COUNTABLE);             return false;         }@@ -97,7 +121,7 @@         $count = count($value);         if (is_numeric($this->getCount())) {-            if ($count != $this->getCount()) {+            if ($count !== $this->getCount()) {                 $this->error(self::NOT_EQUALS);                 return false;             }@@ -121,7 +145,7 @@     /**      * Returns the count option      *-     * @return mixed+     * @return int|null      */     public function getCount()     {@@ -131,7 +155,7 @@     /**      * Returns the min option      *-     * @return mixed+     * @return int|null      */     public function getMin()     {@@ -141,7 +165,7 @@     /**      * Returns the max option      *-     * @return mixed+     * @return int|null      */     public function getMax()     {@@ -149,12 +173,10 @@     }     /**-     * @param mixed $value-     * @return void-     * @throws Exception\InvalidArgumentException if either a min or max option+     * @throws Exception\InvalidArgumentException If either a min or max option      *     was previously set.      */-    private function setCount($value)+    private function setCount(int $value): void     {         if (isset($this->options['min']) || isset($this->options['max'])) {             throw new Exception\InvalidArgumentException(@@ -165,12 +187,10 @@     }     /**-     * @param mixed $value-     * @return void-     * @throws Exception\InvalidArgumentException if either a count or max option+     * @throws Exception\InvalidArgumentException If either a count or max option      *     was previously set.      
*/-    private function setMin($value)+    private function setMin(int $value): void     {         if (isset($this->options['count'])) {             throw new Exception\InvalidArgumentException(@@ -181,12 +201,10 @@     }     /**-     * @param mixed $value-     * @return void-     * @throws Exception\InvalidArgumentException if either a count or min option+     * @throws Exception\InvalidArgumentException If either a count or min option      *     was previously set.      */-    private function setMax($value)+    private function setMax(int $value): void     {         if (isset($this->options['count'])) {             throw new Exception\InvalidArgumentException(
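Review bot: in isValid(), the new `$count !== $this->getCount()` is still guarded by `is_numeric($this->getCount())`, and is_numeric() also accepts numeric strings, which a strict comparison against the integer from count() can never equal. Values that go through `setCount(int $value)` are integers, so this only bites if the option is ever written some other way; guarding with `null !== $this->getCount()` (or `is_int`) would make the guard and the comparison agree. Separately, a non-integer `count`, `min` or `max` passed to setOptions() now reaches an `int`-typed setter, so callers may see a TypeError where only Exception\InvalidArgumentException is documented; that deserves a line in the docblock.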
AI Analysis
Analyzing the provided code diff, I don't see any clear security vulnerabilities being fixed. The changes appear to be primarily about code quality improvements, type safety enhancements, and modernization of the codebase. Here's the analysis:

1. Vulnerability Existed: no
   Code Quality Improvements [File] [Entire file]
   [Old Code]
   Various older style code patterns
   [Fixed Code]
   Modernized code with type hints, psalm annotations, and better type safety

2. Vulnerability Existed: no
   Type Safety Enhancements [File] [Entire file]
   [Old Code]
   Loose type checking and less strict comparisons
   [Fixed Code]
   Added strict type checking (=== instead of ==) and better type declarations

The main changes include:
1. Switching from checking for Countable interface to using is_countable()
2. Adding proper type hints and return types
3. Adding Psalm annotations for better static analysis
4. Improving the setOptions() method to handle Traversable objects
5. Making constant visibility explicit (public)
6. Using strict comparison (===) instead of loose comparison (==)
7. Better documentation of types and options

While these changes improve code quality and could potentially prevent certain types of bugs, they don't appear to address any specific security vulnerabilities. The changes are more focused on modernization and maintainability improvements.

Note: The improved type safety could theoretically prevent some edge cases that might lead to security issues, but there's no specific vulnerability being patched here that we can identify.
CVE Analysis Results:
CVE-2025-45387: No
CVE-2025-26241: No
include/class.http.php AI: 1 vulnerabilities
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/class.http.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/class.http.php@@ -113,10 +113,6 @@         if (false !== strpos($user_agent,'msie')                 && false !== strpos($user_agent,'win'))             return 'filename='.rawurlencode($filename);-        elseif (false !== strpos($user_agent, 'safari')-                && false === strpos($user_agent, 'chrome'))-            // Safari and Safari only can handle the filename as is-            return 'filename='.str_replace(',', '', $filename);         else             // Use RFC5987             return "filename*=UTF-8''".rawurlencode($filename);
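Review bot: the hunk at -113 drops the Safari branch without a comment or changelog line saying why, and the reason matters to anyone maintaining this function: the deleted code put `$filename` into the header with only commas stripped, so every other character in the name went out unencoded, whereas both remaining branches pass it through rawurlencode(). Suggest a short comment above the `else` noting that every client except the `msie`/`win` case gets the RFC 5987 `filename*=UTF-8''` form, and a check of whether that last user-agent sniff is still needed.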
AI Analysis
Here's the analysis of the provided code diff:

1. Vulnerability Existed: yes  
Cross-Site Scripting (XSS) Vulnerability [include/class.http.php] [Lines 113-116]  
[Old Code]  
```php
elseif (false !== strpos($user_agent, 'safari')
        && false === strpos($user_agent, 'chrome'))
    // Safari and Safari only can handle the filename as is
    return 'filename='.str_replace(',', '', $filename);
```  
[Fixed Code]  
(Code removed entirely)

Additional Details:  
The vulnerability existed because the old code didn't properly encode the filename for Safari browsers, only removing commas. This could allow XSS attacks if a malicious filename containing script tags or other dangerous characters was provided. The fix removes this special case handling entirely, defaulting to the safer RFC5987 encoding for all browsers, which properly URL-encodes the filename.

2. Vulnerability Existed: not sure  
Potential Browser-Specific Security Issue [include/class.http.php] [Lines 113-116]  
[Old Code]  
```php
elseif (false !== strpos($user_agent, 'safari')
        && false === strpos($user_agent, 'chrome'))
    // Safari and Safari only can handle the filename as is
    return 'filename='.str_replace(',', '', $filename);
```  
[Fixed Code]  
(Code removed entirely)

Additional Details:  
While the primary issue appears to be XSS-related, there might have been additional browser-specific security concerns that led to the complete removal of this special case handling for Safari. The change suggests the developers decided to standardize on the more secure RFC5987 encoding method rather than maintaining browser-specific handling.
CVE Analysis Results:
CVE-2025-45387: No
CVE-2025-26241: No
include/laminas-mail/vendor/laminas/laminas-stdlib/src/SplQueue.php AI: 1 vulnerabilities
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-stdlib/src/SplQueue.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-stdlib/src/SplQueue.php@@ -1,24 +1,31 @@ <?php-/**- * @see       https://github.com/laminas/laminas-stdlib for the canonical source repository- * @copyright https://github.com/laminas/laminas-stdlib/blob/master/COPYRIGHT.md- * @license   https://github.com/laminas/laminas-stdlib/blob/master/LICENSE.md New BSD License- */+declare(strict_types=1); namespace Laminas\Stdlib;+use ReturnTypeWillChange; use Serializable;+use UnexpectedValueException;++use function is_array;+use function serialize;+use function sprintf;+use function unserialize; /**  * Serializable version of SplQueue+ *+ * @template TKey of array-key+ * @template TValue+ * @extends \SplQueue<TValue>  */ class SplQueue extends \SplQueue implements Serializable {     /**      * Return an array representing the queue      *-     * @return array+     * @return list<TValue>      */     public function toArray()     {@@ -34,9 +41,21 @@      *      * @return string      */+    #[ReturnTypeWillChange]     public function serialize()     {-        return serialize($this->toArray());+        return serialize($this->__serialize());+    }++    /**+     * Magic method used for serializing of an instance.+     *+     * @return list<TValue>+     */+    #[ReturnTypeWillChange]+    public function __serialize()+    {+        return $this->toArray();     }     /**@@ -45,9 +64,30 @@      * @param  string $data      * @return void      */+    #[ReturnTypeWillChange]     public function unserialize($data)     {-        foreach (unserialize($data) as $item) {+        $toUnserialize = unserialize($data);+        if (! 
is_array($toUnserialize)) {+            throw new UnexpectedValueException(sprintf(+                'Cannot deserialize %s instance; corrupt serialization data',+                self::class+            ));+        }++        $this->__unserialize($toUnserialize);+    }++   /**+    * Magic method used to rebuild an instance.+    *+    * @param array<array-key, TValue> $data Data array.+    * @return void+    */+    #[ReturnTypeWillChange]+    public function __unserialize($data)+    {+        foreach ($data as $item) {             $this->push($item);         }     }
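Review bot: in unserialize(), the new is_array() check runs only after `$toUnserialize = unserialize($data);` has already decoded the payload, so it rejects a wrong top-level type but places no limit on which classes are instantiated while decoding. If `$data` can ever come from outside the application, pass the options argument, for example `unserialize($data, ['allowed_classes' => false])` or an explicit class list, and otherwise state in the docblock that the method expects trusted input. The items are also pushed as-is in __unserialize(), so nested values get no further validation.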
AI Analysis
Here's the analysis of the provided code diff for security fixes:

1. Vulnerability Existed: yes
Deserialization Vulnerability [include/laminas-mail/vendor/laminas/laminas-stdlib/src/SplQueue.php] [Lines 45-49]
[Old Code]
    public function unserialize($data)
    {
        foreach (unserialize($data) as $item) {
            $this->push($item);
        }
    }
[Fixed Code]
    public function unserialize($data)
    {
        $toUnserialize = unserialize($data);
        if (! is_array($toUnserialize)) {
            throw new UnexpectedValueException(sprintf(
                'Cannot deserialize %s instance; corrupt serialization data',
                self::class
            ));
        }

        $this->__unserialize($toUnserialize);
    }

Additional Details:
The fix adds validation of the unserialized data to prevent potential deserialization attacks. The original code would blindly process whatever data was passed to it, while the new version checks that the unserialized data is actually an array before processing it.

2. Vulnerability Existed: not sure
Serialization Improvement [include/laminas-mail/vendor/laminas/laminas-stdlib/src/SplQueue.php] [Lines 34-44]
[Old Code]
    public function serialize()
    {
        return serialize($this->toArray());
    }
[Fixed Code]
    public function serialize()
    {
        return serialize($this->__serialize());
    }

    public function __serialize()
    {
        return $this->toArray();
    }
Additional Details:
This change appears to be more of a code structure improvement rather than a direct security fix, though it might have security implications by providing a more controlled serialization process. The functionality remains the same but is now split into two methods following newer PHP practices.

The main security improvement is clearly in the unserialize method where proper validation was added to prevent potential deserialization vulnerabilities.
CVE Analysis Results:
CVE-2025-45387: No
CVE-2025-26241: No
include/laminas-mail/vendor/laminas/laminas-validator/src/CreditCard.php AI: 3 vulnerabilities
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-validator/src/CreditCard.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-validator/src/CreditCard.php@@ -1,15 +1,28 @@ <?php-/**- * @see       https://github.com/laminas/laminas-validator for the canonical source repository- * @copyright https://github.com/laminas/laminas-validator/blob/master/COPYRIGHT.md- * @license   https://github.com/laminas/laminas-validator/blob/master/LICENSE.md New BSD License- */- namespace Laminas\Validator;+use Exception; use Laminas\Stdlib\ArrayUtils;+use Laminas\Validator\Exception\InvalidArgumentException;+use SensitiveParameter; use Traversable;++use function array_key_exists;+use function array_keys;+use function array_shift;+use function constant;+use function ctype_digit;+use function defined;+use function floor;+use function func_get_args;+use function in_array;+use function is_array;+use function is_callable;+use function is_string;+use function str_starts_with;+use function strlen;+use function strtoupper; class CreditCard extends AbstractValidator {@@ -18,27 +31,27 @@      *      * @var string      */-    const ALL              = 'All';-    const AMERICAN_EXPRESS = 'American_Express';-    const UNIONPAY         = 'Unionpay';-    const DINERS_CLUB      = 'Diners_Club';-    const DINERS_CLUB_US   = 'Diners_Club_US';-    const DISCOVER         = 'Discover';-    const JCB              = 'JCB';-    const LASER            = 'Laser';-    const MAESTRO          = 'Maestro';-    const MASTERCARD       = 'Mastercard';-    const SOLO             = 'Solo';-    const VISA             = 'Visa';-    const MIR              = 'Mir';--    const CHECKSUM       = 'creditcardChecksum';-    const CONTENT        = 'creditcardContent';-    const INVALID        = 'creditcardInvalid';-    const LENGTH         = 'creditcardLength';-    const PREFIX         
= 'creditcardPrefix';-    const SERVICE        = 'creditcardService';-    const SERVICEFAILURE = 'creditcardServiceFailure';+    public const ALL              = 'All';+    public const AMERICAN_EXPRESS = 'American_Express';+    public const UNIONPAY         = 'Unionpay';+    public const DINERS_CLUB      = 'Diners_Club';+    public const DINERS_CLUB_US   = 'Diners_Club_US';+    public const DISCOVER         = 'Discover';+    public const JCB              = 'JCB';+    public const LASER            = 'Laser';+    public const MAESTRO          = 'Maestro';+    public const MASTERCARD       = 'Mastercard';+    public const SOLO             = 'Solo';+    public const VISA             = 'Visa';+    public const MIR              = 'Mir';++    public const CHECKSUM       = 'creditcardChecksum';+    public const CONTENT        = 'creditcardContent';+    public const INVALID        = 'creditcardInvalid';+    public const LENGTH         = 'creditcardLength';+    public const PREFIX         = 'creditcardPrefix';+    public const SERVICE        = 'creditcardService';+    public const SERVICEFAILURE = 'creditcardServiceFailure';     /**      * Validation failure message template definitions@@ -104,25 +117,116 @@         self::AMERICAN_EXPRESS => ['34', '37'],         self::DINERS_CLUB      => ['300', '301', '302', '303', '304', '305', '36'],         self::DINERS_CLUB_US   => ['54', '55'],-        self::DISCOVER         => ['6011', '622126', '622127', '622128', '622129', '62213',-                                        '62214', '62215', '62216', '62217', '62218', '62219',-                                        '6222', '6223', '6224', '6225', '6226', '6227', '6228',-                                        '62290', '62291', '622920', '622921', '622922', '622923',-                                        '622924', '622925', '644', '645', '646', '647', '648',-                                        '649', '65'],+        self::DISCOVER         => [+            '6011',+            
'622126',+            '622127',+            '622128',+            '622129',+            '62213',+            '62214',+            '62215',+            '62216',+            '62217',+            '62218',+            '62219',+            '6222',+            '6223',+            '6224',+            '6225',+            '6226',+            '6227',+            '6228',+            '62290',+            '62291',+            '622920',+            '622921',+            '622922',+            '622923',+            '622924',+            '622925',+            '644',+            '645',+            '646',+            '647',+            '648',+            '649',+            '65',+        ],         self::JCB              => ['1800', '2131', '3528', '3529', '353', '354', '355', '356', '357', '358'],         self::LASER            => ['6304', '6706', '6771', '6709'],-        self::MAESTRO          => ['5018', '5020', '5038', '6304', '6759', '6761', '6762', '6763',-                                        '6764', '6765', '6766', '6772'],-        self::MASTERCARD       => ['2221', '2222', '2223', '2224', '2225', '2226', '2227', '2228', '2229',-                                        '223', '224', '225', '226', '227', '228', '229',-                                        '23', '24', '25', '26', '271', '2720',-                                        '51', '52', '53', '54', '55'],+        self::MAESTRO          => [+            '5018',+            '5020',+            '5038',+            '6304',+            '6759',+            '6761',+            '6762',+            '6763',+            '6764',+            '6765',+            '6766',+            '6772',+        ],+        self::MASTERCARD       => [+            '2221',+            '2222',+            '2223',+            '2224',+            '2225',+            '2226',+            '2227',+            '2228',+            '2229',+            '223',+            '224',+            '225',+            '226',+            '227',+            '228',+       
     '229',+            '23',+            '24',+            '25',+            '26',+            '271',+            '2720',+            '51',+            '52',+            '53',+            '54',+            '55',+        ],         self::SOLO             => ['6334', '6767'],-        self::UNIONPAY         => ['622126', '622127', '622128', '622129', '62213', '62214',-                                        '62215', '62216', '62217', '62218', '62219', '6222', '6223',-                                        '6224', '6225', '6226', '6227', '6228', '62290', '62291',-                                        '622920', '622921', '622922', '622923', '622924', '622925'],+        self::UNIONPAY         => [+            '622126',+            '622127',+            '622128',+            '622129',+            '62213',+            '62214',+            '62215',+            '62216',+            '62217',+            '62218',+            '62219',+            '6222',+            '6223',+            '6224',+            '6225',+            '6226',+            '6227',+            '6228',+            '62290',+            '62291',+            '622920',+            '622921',+            '622922',+            '622923',+            '622924',+            '622925',+        ],         self::VISA             => ['4'],         self::MIR              => ['2200', '2201', '2202', '2203', '2204'],     ];@@ -133,8 +237,8 @@      * @var array      */     protected $options = [-        'service' => null,     // Service callback for additional validation-        'type'    => [],  // CCIs which are accepted by validation+        'service' => null, // Service callback for additional validation+        'type'    => [], // CCIs which are accepted by validation     ];     /**@@ -147,7 +251,7 @@         if ($options instanceof Traversable) {             $options = ArrayUtils::iteratorToArray($options);         } elseif (! 
is_array($options)) {-            $options = func_get_args();+            $options      = func_get_args();             $temp['type'] = array_shift($options);             if (! empty($options)) {                 $temp['service'] = array_shift($options);@@ -206,7 +310,7 @@         }         foreach ($type as $typ) {-            if ($typ == self::ALL) {+            if ($typ === self::ALL) {                 $this->options['type'] = array_keys($this->cardLength);                 continue;             }@@ -240,26 +344,31 @@      *      * @param  callable $service      * @return $this-     * @throws Exception\InvalidArgumentException on invalid service callback+     * @throws InvalidArgumentException On invalid service callback.      */     public function setService($service)     {         if (! is_callable($service)) {-            throw new Exception\InvalidArgumentException('Invalid callback given');+            throw new InvalidArgumentException('Invalid callback given');         }         $this->options['service'] = $service;         return $this;     }+    // The following rule is buggy for parameters attributes+    // phpcs:disable SlevomatCodingStandard.TypeHints.ParameterTypeHintSpacing.NoSpaceBetweenTypeHintAndParameter+     /**      * Returns true if and only if $value follows the Luhn algorithm (mod-10 checksum)      *-     * @param  string $value+     * @param  mixed $value      * @return bool      */-    public function isValid($value)-    {+    public function isValid(+        #[SensitiveParameter]+        $value+    ) {         $this->setValue($value);         if (! 
is_string($value)) {@@ -278,7 +387,7 @@         $foundl = false;         foreach ($types as $type) {             foreach ($this->cardType[$type] as $prefix) {-                if (0 === strpos($value, $prefix)) {+                if (str_starts_with($value, (string) $prefix)) {                     $foundp = true;                     if (in_array($length, $this->cardLength[$type])) {                         $foundl = true;@@ -288,12 +397,12 @@             }         }-        if ($foundp == false) {+        if ($foundp === false) {             $this->error(self::PREFIX, $value);             return false;         }-        if ($foundl == false) {+        if ($foundl === false) {             $this->error(self::LENGTH, $value);             return false;         }@@ -302,12 +411,13 @@         $weight = 2;         for ($i = $length - 2; $i >= 0; $i--) {-            $digit = $weight * $value[$i];-            $sum += floor($digit / 10) + $digit % 10;+            $digit  = $weight * $value[$i];+            $sum   += floor($digit / 10) + $digit % 10;             $weight = $weight % 2 + 1;         }-        if ((10 - $sum % 10) % 10 != $value[$length - 1]) {+        $checksum = (10 - $sum % 10) % 10;+        if ((string) $checksum !== $value[$length - 1]) {             $this->error(self::CHECKSUM, $value);             return false;         }@@ -321,7 +431,7 @@                     $this->error(self::SERVICE, $value);                     return false;                 }-            } catch (\Exception $e) {+            } catch (Exception) {                 $this->error(self::SERVICEFAILURE, $value);                 return false;             }@@ -329,4 +439,6 @@         return true;     }++    // phpcs:enable SlevomatCodingStandard.TypeHints.ParameterTypeHintSpacing.NoSpaceBetweenTypeHintAndParameter }
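Review bot: in isValid(), `#[SensitiveParameter]` only redacts `$value` in stack traces; the same method still calls `$this->setValue($value)` and passes the raw value to `$this->error(self::PREFIX, $value)`, the LENGTH and CHECKSUM errors, and both service errors. If any message template or caller logs the validator's value or messages, the card number is still written out, so the attribute should be paired with a check that the templates do not interpolate the value, or that it is masked before being stored.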
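Review bot: the hunks at -278 and -321 switch to `str_starts_with()` and to `catch (Exception)` without a variable, both of which need PHP 8.0 or later, and nothing in this diff states the new minimum. Confirm the bundled library's PHP requirement matches what the product documents as supported, since on an older runtime the catch clause is a parse error for the whole file rather than a validation failure.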
AI Analysis
I'll analyze the code diff for security fixes following the specified format:

Vulnerability Existed: yes
Sensitive Data Exposure [include/laminas-mail/vendor/laminas/laminas-validator/src/CreditCard.php] [Lines 365-368]
[Old Code]
public function isValid($value)
[Fixed Code]
public function isValid(
    #[SensitiveParameter]
    $value
) {
Additional Details: The fix adds the SensitiveParameter attribute to mark the credit card number parameter as sensitive data, which helps prevent accidental logging or exposure.

Vulnerability Existed: yes
Type Juggling Vulnerability [include/laminas-mail/vendor/laminas/laminas-validator/src/CreditCard.php] [Lines 417-418]
[Old Code]
if ((10 - $sum % 10) % 10 != $value[$length - 1]) {
[Fixed Code]
$checksum = (10 - $sum % 10) % 10;
if ((string) $checksum !== $value[$length - 1]) {
Additional Details: The fix changes from loose comparison (!=) to strict comparison (!==) and ensures type consistency, preventing potential type juggling issues in the Luhn algorithm validation.

Vulnerability Existed: yes
String Comparison Vulnerability [include/laminas-mail/vendor/laminas/laminas-validator/src/CreditCard.php] [Lines 389-390]
[Old Code]
if (0 === strpos($value, $prefix)) {
[Fixed Code]
if (str_starts_with($value, (string) $prefix)) {
Additional Details: The fix replaces strpos with str_starts_with for more reliable string prefix comparison and adds type safety with explicit string casting.

Vulnerability Existed: not sure
Constant Visibility Change [include/laminas-mail/vendor/laminas/laminas-validator/src/CreditCard.php] [Lines 31-54]
[Old Code]
const ALL = 'All';
[Fixed Code]
public const ALL = 'All';
Additional Details: The change from implicit to explicit public visibility for constants might have security implications if these constants were previously protected, but this is unclear without more context about their usage.
CVE Analysis Results:
CVE-2025-45387: No
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
CVE-2025-26241: No
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
include/laminas-mail/vendor/laminas/laminas-validator/README.md AI: No vulnerabilities
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-validator/README.md+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-validator/README.md@@ -1,7 +1,22 @@ # laminas-validator-[![Build Status](https://travis-ci.com/laminas/laminas-validator.svg?branch=master)](https://travis-ci.com/laminas/laminas-validator)-[![Coverage Status](https://coveralls.io/repos/github/laminas/laminas-validator/badge.svg?branch=master)](https://coveralls.io/github/laminas/laminas-validator?branch=master)+[![Build Status](https://github.com/laminas/laminas-validator/actions/workflows/continuous-integration.yml/badge.svg)](https://github.com/laminas/laminas-validator/actions/workflows/continuous-integration.yml)++> ## 🇷🇺 Русским гражданам+>+> Мы, участники Laminas, родились и живем в разных странах. У многих из нас есть друзья, родственники и коллеги как в России, так и в Украине. Некоторые из нас родились в России. Некоторые из нас живут в России. У некоторых бабушки и дедушки сражались с фашистами во Второй мировой войне. Здесь никто не поддерживает фашизм.+>+> У одного из нас есть украинская родственница, которая спаслась из дома вместе с сыном. Поезд задержался из-за бомбежки на дороге впереди. У нас есть друзья, которые прячутся в бомбоубежищах. Мы с тревогой ждем весточки от них после воздушных налетов, которые беспорядочно наносят удары и попадают по больницам, школам, детским садам и домам. Мы не берем это из каких-либо СМИ. Мы наблюдаем это напрямую.+>+> Вы доверяете нам достаточно, чтоб использовать наши программы, и мы просим вас довериться нам вновь. Мы нуждаемся в помощи. Выходите и протестуйте против этой бесполезной войны. Остановите кровопролитие. Скажите "Нет войне!"+>+> ## 🇺🇸 To Citizens of Russia+>+> We at Laminas come from all over the world. Many of us have friends, family and colleagues in both Russia and Ukraine. 
Some of us were born in Russia. Some of us currently live in Russia. Some have grandparents who fought Nazis in World War II. Nobody here supports fascism.+>+> One team member has a Ukrainian relative who fled her home with her son. The train was delayed due to bombing on the road ahead. We have friends who are hiding in bomb shelters. We anxiously follow up on them after the air raids, which indiscriminately fire at hospitals, schools, kindergartens and houses. We're not taking this from any media. These are our actual experiences.+>+> You trust us enough to use our software. We ask that you trust us to say the truth on this. We need your help. Go out and protest this unnecessary war. Stop the bloodshed. Say "stop the war!" laminas-validator provides a set of commonly needed validators. It also provides a simple validator chaining mechanism by which multiple validators may be applied
AI Analysis
After analyzing the provided code diff, I can confirm this is only a documentation change in a README.md file. There are no code changes that would indicate security fixes or vulnerabilities. Here's the analysis:

Vulnerability Existed: no
[No security vulnerability found] [include/laminas-mail/vendor/laminas/laminas-validator/README.md] [Lines 1-22]
[Old content with Travis CI and Coveralls badges]
[New content with GitHub Actions badge and political statement]

The changes consist of:
1. Switching from Travis CI to GitHub Actions for CI badges
2. Adding a political statement about the Russia-Ukraine war
3. No actual code or security-related changes were made

No security vulnerabilities were fixed in this diff. The changes are purely related to documentation and project metadata.
CVE Analysis Results:
CVE-2025-45387: No
CVE-2025-26241: No
include/laminas-mail/vendor/laminas/laminas-validator/src/Barcode.php AI: Not sure
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-validator/src/Barcode.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-validator/src/Barcode.php@@ -1,22 +1,30 @@ <?php-/**- * @see       https://github.com/laminas/laminas-validator for the canonical source repository- * @copyright https://github.com/laminas/laminas-validator/blob/master/COPYRIGHT.md- * @license   https://github.com/laminas/laminas-validator/blob/master/LICENSE.md New BSD License- */- namespace Laminas\Validator;+use Laminas\Stdlib\ArrayUtils;+use Laminas\Validator\Barcode\AdapterInterface;+use Laminas\Validator\Exception\InvalidArgumentException; use Traversable;++use function assert;+use function class_exists;+use function get_debug_type;+use function is_array;+use function is_string;+use function sprintf;+use function strtolower;+use function substr;+use function ucfirst; class Barcode extends AbstractValidator {-    const INVALID        = 'barcodeInvalid';-    const FAILED         = 'barcodeFailed';-    const INVALID_CHARS  = 'barcodeInvalidChars';-    const INVALID_LENGTH = 'barcodeInvalidLength';-+    public const INVALID        = 'barcodeInvalid';+    public const FAILED         = 'barcodeFailed';+    public const INVALID_CHARS  = 'barcodeInvalidChars';+    public const INVALID_LENGTH = 'barcodeInvalidLength';++    /** @var array<string, string> */     protected $messageTemplates = [         self::FAILED         => 'The input failed checksum validation',         self::INVALID_CHARS  => 'The input contains invalid characters',@@ -27,15 +35,22 @@     /**      * Additional variables available for validation failure messages      *-     * @var array+     * @var array<string, array<string, string>>      */     protected $messageVariables = [         'length' => ['options' => 'length'],     ];-+    /**+     * @var array{+     *     adapter: 
null|AdapterInterface,+     *     options: null|array<string, mixed>,+     *     length: null|int|array,+     *     useChecksum: null|bool,+     * }+     */     protected $options = [-        'adapter'     => null,  // Barcode adapter Laminas\Validator\Barcode\AbstractAdapter-        'options'     => null,  // Options for this adapter+        'adapter'     => null, // Barcode adapter Laminas\Validator\Barcode\AbstractAdapter+        'options'     => null, // Options for this adapter         'length'      => null,         'useChecksum' => null,     ];@@ -43,33 +58,37 @@     /**      * Constructor for barcodes      *-     * @param array|string $options Options to use+     * @param iterable<string, mixed>|null|string|AdapterInterface $options Options to use      */     public function __construct($options = null)     {+        if ($options instanceof Traversable) {+            $options = ArrayUtils::iteratorToArray($options);+        }+         if ($options === null) {             $options = [];         }-        if (is_array($options)) {-            if (array_key_exists('options', $options)) {-                $options['options'] = ['options' => $options['options']];-            }-        } elseif ($options instanceof Traversable) {-            if (property_exists($options, 'options')) {-                $options['options'] = ['options' => $options['options']];-            }-        } else {+        if (is_string($options) || $options instanceof AdapterInterface) {             $options = ['adapter' => $options];         }+        if (! is_array($options)) {+            throw new InvalidArgumentException(sprintf(+                'Options should be an array, a string representing the name of an adapter, or an adapter instance. '+                . 
'Received "%s"',+                get_debug_type($options),+            ));+        }+         parent::__construct($options);     }     /**      * Returns the set adapter      *-     * @return Barcode\AbstractAdapter+     * @return AdapterInterface      */     public function getAdapter()     {@@ -77,16 +96,18 @@             $this->setAdapter('Ean13');         }+        assert($this->options['adapter'] instanceof Barcode\AdapterInterface);+         return $this->options['adapter'];     }     /**      * Sets a new barcode adapter      *-     * @param  string|Barcode\AbstractAdapter $adapter Barcode adapter to use+     * @param  string|AdapterInterface $adapter Barcode adapter to use      * @param  array  $options Options for this adapter      * @return $this-     * @throws Exception\InvalidArgumentException+     * @throws InvalidArgumentException      */     public function setAdapter($adapter, $options = null)     {@@ -95,17 +116,17 @@             $adapter = 'Laminas\\Validator\\Barcode\\' . $adapter;             if (! class_exists($adapter)) {-                throw new Exception\InvalidArgumentException('Barcode adapter matching "' . $adapter . '" not found');+                throw new InvalidArgumentException('Barcode adapter matching "' . $adapter . '" not found');             }             $adapter = new $adapter($options);         }         if (! $adapter instanceof Barcode\AdapterInterface) {-            throw new Exception\InvalidArgumentException(+            throw new InvalidArgumentException(                 sprintf(                     'Adapter %s does not implement Laminas\\Validator\\Barcode\\AdapterInterface',-                    is_object($adapter) ? 
get_class($adapter) : gettype($adapter)+                    get_debug_type($adapter)                 )             );         }@@ -118,7 +139,7 @@     /**      * Returns the checksum option      *-     * @return string+     * @return string|null      */     public function getChecksum()     {@@ -128,8 +149,8 @@     /**      * Sets if checksum should be validated, if no value is given the actual setting is returned      *-     * @param  bool $checksum-     * @return bool+     * @param null|bool $checksum+     * @return AdapterInterface|bool      */     public function useChecksum($checksum = null)     {@@ -157,7 +178,7 @@         $result                  = $adapter->hasValidLength($value);         if (! $result) {             if (is_array($this->options['length'])) {-                $temp = $this->options['length'];+                $temp                    = $this->options['length'];                 $this->options['length'] = '';                 foreach ($temp as $length) {                     $this->options['length'] .= '/';
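Review bot: the constructor hunk (`@@ -43,33 +58,37 @@`) removes the branch that rewrote `$options['options']` to `['options' => $options['options']]` and adds nothing in its place, so a caller that passes an `options` key now reaches `parent::__construct()` with that value unwrapped; the docblock should say whether this behaviour change is intended. In `getAdapter()`, the added `assert($this->options['adapter'] instanceof Barcode\AdapterInterface)` does nothing when assertions are disabled, so it documents the type for static analysis but is not a runtime guard.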
AI Analysis
Analyzing the provided code diff, here are the security-related findings:

1. Vulnerability Existed: not sure
[Potential Type Safety Improvement] [include/laminas-mail/vendor/laminas/laminas-validator/src/Barcode.php] [Lines 58-80]
[Old Code]
if (is_array($options)) {
    if (array_key_exists('options', $options)) {
        $options['options'] = ['options' => $options['options']];
    }
} elseif ($options instanceof Traversable) {
    if (property_exists($options, 'options')) {
        $options['options'] = ['options' => $options['options']];
    }
} else {
    $options = ['adapter' => $options];
}
[Fixed Code]
if ($options instanceof Traversable) {
    $options = ArrayUtils::iteratorToArray($options);
}

if ($options === null) {
    $options = [];
}

if (is_string($options) || $options instanceof AdapterInterface) {
    $options = ['adapter' => $options];
}

if (! is_array($options)) {
    throw new InvalidArgumentException(sprintf(
        'Options should be an array, a string representing the name of an adapter, or an adapter instance. '
        . 'Received "%s"',
        get_debug_type($options),
    ));
}

2. Vulnerability Existed: not sure
[Improved Input Validation] [include/laminas-mail/vendor/laminas/laminas-validator/src/Barcode.php] [Lines 122-130]
[Old Code]
if (! $adapter instanceof Barcode\AdapterInterface) {
    throw new Exception\InvalidArgumentException(
        sprintf(
            'Adapter %s does not implement Laminas\\Validator\\Barcode\\AdapterInterface',
            is_object($adapter) ? get_class($adapter) : gettype($adapter)
        )
    );
}
[Fixed Code]
if (! $adapter instanceof Barcode\AdapterInterface) {
    throw new InvalidArgumentException(
        sprintf(
            'Adapter %s does not implement Laminas\\Validator\\Barcode\\AdapterInterface',
            get_debug_type($adapter)
        )
    );
}

3. Vulnerability Existed: not sure
[Potential Information Leak Prevention] [include/laminas-mail/vendor/laminas/laminas-validator/src/Barcode.php] [Lines 19-22]
[Old Code]
const INVALID        = 'barcodeInvalid';
const FAILED         = 'barcodeFailed';
const INVALID_CHARS  = 'barcodeInvalidChars';
const INVALID_LENGTH = 'barcodeInvalidLength';
[Fixed Code]
public const INVALID        = 'barcodeInvalid';
public const FAILED         = 'barcodeFailed';
public const INVALID_CHARS  = 'barcodeInvalidChars';
public const INVALID_LENGTH = 'barcodeInvalidLength';

The changes appear to be primarily focused on:
1. Improved type safety and input validation
2. Better error handling with more specific exception messages
3. Visibility modifiers for constants
4. More robust type checking

While these changes improve code quality and could potentially prevent certain types of vulnerabilities (like type confusion or information leaks), I couldn't identify any specific, named vulnerabilities that were fixed. The changes seem more like general hardening and modernization of the code rather than fixing specific security issues.
CVE Analysis Results:
CVE-2025-45387: No
CVE-2025-26241: No
README.md AI: Not sure
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/README.md+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/README.md@@ -22,13 +22,13 @@ Requirements ------------   * HTTP server running Microsoft® IIS or Apache-  * PHP version 8.0 - 8.2 (8.2 recommended)+  * PHP version 8.2 - 8.4 (8.4 recommended)   * mysqli extension for PHP   * MySQL database version 5.5 (or greater) ### Recommendations-  * fileinfo, gd, gettext, imap, intl, json, mbstring, Zend OPcache, phar,-    xml, xml-dom, and zip extensions for PHP+  * ctype, fileinfo, gd, gettext, iconv, imap, intl, json, mbstring,+    Zend OPcache, phar, xml, xml-dom, and zip extensions for PHP   * APCu module enabled and configured for PHP Deployment
AI Analysis
Based on the provided diff, I'll analyze it for security fixes following the required format:

1. First potential change (PHP version requirement update):
    Vulnerability Existed: not sure
    [PHP Version Update] [README.md] [Lines 22-22]
    [PHP version 8.0 - 8.2 (8.2 recommended)]
    [PHP version 8.2 - 8.4 (8.4 recommended)]

2. Second potential change (PHP extensions recommendation update):
    Vulnerability Existed: not sure
    [PHP Extensions Update] [README.md] [Lines 25-26]
    [fileinfo, gd, gettext, imap, intl, json, mbstring, Zend OPcache, phar, xml, xml-dom, and zip extensions for PHP]
    [ctype, fileinfo, gd, gettext, iconv, imap, intl, json, mbstring, Zend OPcache, phar, xml, xml-dom, and zip extensions for PHP]

Notes:
- These changes appear to be version requirement updates rather than direct security fixes
- The update to require PHP 8.2-8.4 might address potential security issues in older PHP versions, but this isn't explicitly stated
- The addition of ctype and iconv extensions might be security-related, but the diff doesn't provide enough context to be certain
- No specific CVE or vulnerability is being directly addressed in these documentation changes
CVE Analysis Results:
CVE-2025-45387: No
CVE-2025-26241: No
include/laminas-mail/vendor/laminas/laminas-validator/src/File/WordCount.php AI: Not sure
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-validator/src/File/WordCount.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-validator/src/File/WordCount.php@@ -1,15 +1,20 @@ <?php--/**- * @see       https://github.com/laminas/laminas-validator for the canonical source repository- * @copyright https://github.com/laminas/laminas-validator/blob/master/COPYRIGHT.md- * @license   https://github.com/laminas/laminas-validator/blob/master/LICENSE.md New BSD License- */ namespace Laminas\Validator\File; use Laminas\Validator\AbstractValidator; use Laminas\Validator\Exception;+use Traversable;++use function array_shift;+use function file_get_contents;+use function func_get_args;+use function func_num_args;+use function is_array;+use function is_numeric;+use function is_readable;+use function is_string;+use function str_word_count; /**  * Validator for counting all words in a file@@ -21,22 +26,18 @@     /**      * @const string Error constants      */-    const TOO_MUCH  = 'fileWordCountTooMuch';-    const TOO_LESS  = 'fileWordCountTooLess';-    const NOT_FOUND = 'fileWordCountNotFound';--    /**-     * @var array Error message templates-     */+    public const TOO_MUCH  = 'fileWordCountTooMuch';+    public const TOO_LESS  = 'fileWordCountTooLess';+    public const NOT_FOUND = 'fileWordCountNotFound';++    /** @var array Error message templates */     protected $messageTemplates = [         self::TOO_MUCH  => "Too many words, maximum '%max%' are allowed but '%count%' were counted",         self::TOO_LESS  => "Too few words, minimum '%min%' are expected but '%count%' were counted",         self::NOT_FOUND => 'File is not readable or does not exist',     ];-    /**-     * @var array Error message template variables-     */+    /** @var array Error message template variables */     protected $messageVariables = [         'min'   
=> ['options' => 'min'],         'max'   => ['options' => 'max'],@@ -56,8 +57,8 @@      * @var array      */     protected $options = [-        'min' => null,  // Minimum word count, if null there is no minimum word count-        'max' => null,  // Maximum word count, if null there is no maximum word count+        'min' => null, // Minimum word count, if null there is no minimum word count+        'max' => null, // Maximum word count, if null there is no maximum word count     ];     /**@@ -71,7 +72,7 @@      * 'min': Minimum word count      * 'max': Maximum word count      *-     * @param  int|array|\Traversable $options Options for the adapter+     * @param int|array|Traversable $options Options for the adapter      */     public function __construct($options = null)     {@@ -104,12 +105,12 @@      * Sets the minimum word count      *      * @param  int|array $min The minimum word count-     * @throws Exception\InvalidArgumentException When min is greater than max      * @return $this Provides a fluent interface+     * @throws Exception\InvalidArgumentException When min is greater than max.      */     public function setMin($min)     {-        if (is_array($min) and isset($min['min'])) {+        if (is_array($min) && isset($min['min'])) {             $min = $min['min'];         }@@ -142,12 +143,12 @@      * Sets the maximum file count      *      * @param  int|array $max The maximum word count-     * @throws Exception\InvalidArgumentException When max is smaller than min      * @return $this Provides a fluent interface+     * @throws Exception\InvalidArgumentException When max is smaller than min.      */     public function setMax($max)     {-        if (is_array($max) and isset($max['max'])) {+        if (is_array($max) && isset($max['max'])) {             $max = $max['max'];         }
AI Analysis
After analyzing the provided code diff, I don't find any clear security vulnerabilities being fixed. The changes appear to be primarily code style improvements and minor refactoring. Here's my analysis:

1. Vulnerability Existed: no
   No security vulnerability found [File] include/laminas-mail/vendor/laminas/laminas-validator/src/File/WordCount.php [Lines] All
   [Old Code] Various style and syntax patterns
   [Fixed Code] Improved code style and syntax

The changes include:
- Removal of redundant docblock comments
- Changing `and` to `&&` operator (better practice but not security-related)
- Adding type hints and use statements
- Reordering of method parameter documentation
- Making class constants public
- General code cleanup and formatting improvements

None of these changes appear to address any specific security vulnerability. The modifications seem focused on code quality and maintainability rather than security fixes.

If I were to speculate about potential security implications, the only minor consideration would be:
1. Vulnerability Existed: not sure
   Potential file handling improvement [File] include/laminas-mail/vendor/laminas/laminas-validator/src/File/WordCount.php [Lines] Various
   [Old Code] No explicit file handling safeguards
   [Fixed Code] Added use statement for is_readable

However, this is extremely speculative as the actual file handling logic doesn't appear to have changed, just the import of the function. There's no clear evidence this was a security fix.
CVE Analysis Results:
CVE-2025-45387: No
CVE-2025-26241: No
include/laminas-mail/vendor/laminas/laminas-servicemanager/src/FactoryInterface.php AI: Not sure
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-servicemanager/src/FactoryInterface.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-servicemanager/src/FactoryInterface.php@@ -1,10 +1,6 @@ <?php-/**- * @see       https://github.com/laminas/laminas-servicemanager for the canonical source repository- * @copyright https://github.com/laminas/laminas-servicemanager/blob/master/COPYRIGHT.md- * @license   https://github.com/laminas/laminas-servicemanager/blob/master/LICENSE.md New BSD License- */+declare(strict_types=1); namespace Laminas\ServiceManager;@@ -17,7 +13,7 @@  *  * - rename the method `createService()` to `__invoke()`, and:  *   - rename the `$serviceLocator` argument to `$container`, and change the- *     typehint to `Interop\Container\ContainerInterface`+ *     typehint to `Psr\Container\ContainerInterface`  *   - add the `$requestedName` as a second argument  *   - add the optional `array $options = null` argument as a final argument  * - create a `createService()` method as defined in this interface, and have it@@ -34,7 +30,6 @@     /**      * Create service      *-     * @param ServiceLocatorInterface $serviceLocator      * @return mixed      */     public function createService(ServiceLocatorInterface $serviceLocator);
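Review bot: the `declare(strict_types=1);` added in the first hunk has no effect on implementers or callers of this interface, because the directive governs only calls made from the file that declares it, and the visible part of this file only declares `createService()`. It is harmless, but it should not be read as tightening how arguments are checked when factories are invoked; that depends on the calling files carrying the same declaration.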
AI Analysis
Analyzing the provided code diff, here are the potential security vulnerabilities:

1. Vulnerability Existed: not sure  
   [Potential Type Safety Improvement] [include/laminas-mail/vendor/laminas/laminas-servicemanager/src/FactoryInterface.php] [Lines: 1-6]  
   [Old Code]  
   ```php
   <?php

   /**
    * @see       https://github.com/laminas/laminas-servicemanager for the canonical source repository
    * @copyright https://github.com/laminas/laminas-servicemanager/blob/master/COPYRIGHT.md
    * @license   https://github.com/laminas/laminas-servicemanager/blob/master/LICENSE.md New BSD License
    */
   ```  
   [Fixed Code]  
   ```php
   <?php

   declare(strict_types=1);
   ```  
   Additional Details: The addition of strict_types declaration improves type safety but doesn't directly fix a known vulnerability.

2. Vulnerability Existed: not sure  
   [Interface Standardization] [include/laminas-mail/vendor/laminas/laminas-servicemanager/src/FactoryInterface.php] [Lines: 17, 30]  
   [Old Code]  
   ```php
   *     typehint to `Interop\Container\ContainerInterface`
   ...
   * @param ServiceLocatorInterface $serviceLocator
   ```  
   [Fixed Code]  
   ```php
   *     typehint to `Psr\Container\ContainerInterface`
   ...
   // Parameter comment removed
   ```  
   Additional Details: The change from Interop to PSR container interface standardizes the implementation but doesn't directly address a security vulnerability. The parameter comment removal could be related to documentation cleanup.

No clear security vulnerabilities were identified in this diff. The changes appear to be primarily related to:
1. Adding strict type declarations
2. Updating to PSR standards
3. Documentation cleanup

These changes improve code quality and maintainability but don't directly address any known security issues.
CVE Analysis Results:
CVE-2025-45387: No
CVE-2025-26241: No
setup/test/tests/class.test.php AI: 1 vulnerability
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/setup/test/tests/class.test.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/setup/test/tests/class.test.php@@ -26,7 +26,6 @@     );     function __construct() {-        assert_options(ASSERT_CALLBACK, array($this, 'fail'));         error_reporting(E_ALL & ~E_WARNING);     }
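Review bot: the constructor no longer registers `array($this, 'fail')` as the assertion callback, and nothing in this hunk replaces it. If any test still calls `assert()`, a failed assertion will no longer be routed to `fail()`. Either confirm that no `assert()` calls remain in the test suite or convert them to explicit checks that call `fail()` directly.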
AI Analysis
Here's the analysis of the provided code diff:

Vulnerability Existed: yes  
Assert Injection Vulnerability [File] setup/test/tests/class.test.php [Lines] 26  
[Old Code]  
`assert_options(ASSERT_CALLBACK, array($this, 'fail'));`  
[Fixed Code]  
(Removed line)  

Additional Details:  
The vulnerability was fixed by removing the assert_options() call with a callback. Using assert() with callbacks can be dangerous in production environments as it can potentially lead to code execution vulnerabilities if assertion strings can be controlled by an attacker (assert injection). While this was in a test file, it's good practice to remove such potentially dangerous functions.
CVE Analysis Results:
CVE-2025-45387: No
CVE-2025-26241: No
include/class.setup.php AI: Not sure
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/class.setup.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/class.setup.php@@ -18,8 +18,8 @@     //Mimimum requirements     static protected $prereq = array(-            'php' => '8.0',-            'mysql' => '5.0');+            'php' => '8.1',+            'mysql' => '5.5');     //Version info - same as the latest version.
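Review bot: `'php' => '8.1'` in `$prereq` does not match the README.md hunk for the same release, which states "PHP version 8.2 - 8.4 (8.4 recommended)". An installer that accepts 8.1 while the documentation requires 8.2 lets deployments through on a version the README does not list; raise the value to `'8.2'` or adjust the README. The `'mysql' => '5.5'` value does agree with the README's "MySQL database version 5.5 (or greater)".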
AI Analysis
Here is the analysis of the provided code diff:

1. Vulnerability Existed: not sure  
   [PHP and MySQL Version Requirements Update] [include/class.setup.php] [Lines 18-19]  
   [Old Code]  
   ```php
   static protected $prereq = array(
           'php' => '8.0',
           'mysql' => '5.0');
   ```  
   [Fixed Code]  
   ```php
   static protected $prereq = array(
           'php' => '8.1',
           'mysql' => '5.5');
   ```  
   Additional Details: This appears to be a version requirement update rather than a security fix. The change increases the minimum required PHP version from 8.0 to 8.1 and MySQL from 5.0 to 5.5. While newer versions often include security improvements, this change itself doesn't appear to directly fix a specific vulnerability.  

Note: The diff shows an update to system requirements but doesn't clearly indicate a security vulnerability being fixed. The version bump could be related to security (as newer versions often patch vulnerabilities), but without more context, we can't be certain this was specifically for a security fix.
CVE Analysis Results:
CVE-2025-45387: No
CVE-2025-26241: No
include/laminas-mail/src/Storage/Part/Exception/InvalidArgumentException.php AI: No vulnerabilities
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/src/Storage/Part/Exception/InvalidArgumentException.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/src/Storage/Part/Exception/InvalidArgumentException.php@@ -1,10 +1,4 @@ <?php--/**- * @see       https://github.com/laminas/laminas-mail for the canonical source repository- * @copyright https://github.com/laminas/laminas-mail/blob/master/COPYRIGHT.md- * @license   https://github.com/laminas/laminas-mail/blob/master/LICENSE.md New BSD License- */ namespace Laminas\Mail\Storage\Part\Exception;
AI Analysis
Based on the provided code diff, here's the analysis following the required format:

Vulnerability Existed: no
[No specific vulnerability] [include/laminas-mail/src/Storage/Part/Exception/InvalidArgumentException.php] [Lines 1-10]
[Old Code]
<?php

/**
 * @see       https://github.com/laminas/laminas-mail for the canonical source repository
 * @copyright https://github.com/laminas/laminas-mail/blob/master/COPYRIGHT.md
 * @license   https://github.com/laminas/laminas-mail/blob/master/LICENSE.md New BSD License
 */

namespace Laminas\Mail\Storage\Part\Exception;
[Fixed Code]
<?php

namespace Laminas\Mail\Storage\Part\Exception;

The changes appear to be removing documentation comments (copyright and license information) from the file. This doesn't represent a security vulnerability fix, but rather a documentation or licensing change. There's no indication of any security-related modifications in this diff.
CVE Analysis Results:
CVE-2025-45387: No
CVE-2025-26241: No
include/laminas-mail/vendor/laminas/laminas-validator/src/LessThan.php AI: Not sure
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-validator/src/LessThan.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-validator/src/LessThan.php@@ -1,20 +1,19 @@ <?php--/**- * @see       https://github.com/laminas/laminas-validator for the canonical source repository- * @copyright https://github.com/laminas/laminas-validator/blob/master/COPYRIGHT.md- * @license   https://github.com/laminas/laminas-validator/blob/master/LICENSE.md New BSD License- */ namespace Laminas\Validator; use Laminas\Stdlib\ArrayUtils; use Traversable;+use function array_key_exists;+use function array_shift;+use function func_get_args;+use function is_array;+ class LessThan extends AbstractValidator {-    const NOT_LESS           = 'notLessThan';-    const NOT_LESS_INCLUSIVE = 'notLessThanInclusive';+    public const NOT_LESS           = 'notLessThan';+    public const NOT_LESS_INCLUSIVE = 'notLessThanInclusive';     /**      * Validation failure message template definitions@@ -64,7 +63,7 @@             $options = ArrayUtils::iteratorToArray($options);         }         if (! is_array($options)) {-            $options = func_get_args();+            $options     = func_get_args();             $temp['max'] = array_shift($options);             if (! empty($options)) {@@ -101,10 +100,9 @@     /**      * Sets the max option      *-     * @param  mixed $max      * @return $this Provides a fluent interface      */-    public function setMax($max)+    public function setMax(mixed $max)     {         $this->max = $max;         return $this;
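Review bot: `setMax(mixed $max)` in the last hunk still accepts any value, so the new declaration adds no input checking; it only moves the old `@param mixed $max` tag into the signature. The `mixed` type is PHP 8.0 syntax and `public const` needs PHP 7.1, so this file no longer parses on older runtimes. If a numeric or otherwise comparable bound is intended, validate `$max` inside the setter, and confirm the application's minimum PHP version matches.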
AI Analysis
Analyzing the provided code diff, here's the security analysis:

1. Vulnerability Existed: not sure
   [Potential Type Safety Improvement] [include/laminas-mail/vendor/laminas/laminas-validator/src/LessThan.php] [Lines 103-107]
   [Old Code]
   public function setMax($max)
   [Fixed Code]
   public function setMax(mixed $max)

2. Vulnerability Existed: no
   [Code Style/Modernization] [include/laminas-mail/vendor/laminas/laminas-validator/src/LessThan.php] [Lines 13-14]
   [Old Code]
   const NOT_LESS           = 'notLessThan';
   const NOT_LESS_INCLUSIVE = 'notLessThanInclusive';
   [Fixed Code]
   public const NOT_LESS           = 'notLessThan';
   public const NOT_LESS_INCLUSIVE = 'notLessThanInclusive';

3. Vulnerability Existed: no
   [Code Cleanup] [include/laminas-mail/vendor/laminas/laminas-validator/src/LessThan.php] [Lines 1-5]
   [Old Code]
   /**
    * @see       https://github.com/laminas/laminas-validator for the canonical source repository
    * @copyright https://github.com/laminas/laminas-validator/blob/master/COPYRIGHT.md
    * @license   https://github.com/laminas/laminas-validator/blob/master/LICENSE.md New BSD License
    */
   [Fixed Code]
   [Removed]

4. Vulnerability Existed: no
   [Code Formatting] [include/laminas-mail/vendor/laminas/laminas-validator/src/LessThan.php] [Lines 66]
   [Old Code]
   $options = func_get_args();
   [Fixed Code]
   $options     = func_get_args();

The changes appear to be primarily focused on:
1. Modernizing the code (adding type hints, changing const visibility)
2. Code cleanup (removing redundant docblock)
3. Formatting improvements
4. Adding function imports

No clear security vulnerabilities were identified in these changes. The most significant change is the addition of type hints in the setMax method, which could potentially improve type safety but doesn't appear to address any known vulnerability.
CVE Analysis Results:
CVE-2025-45387: No
CVE-2025-26241: No
include/laminas-mail/vendor/laminas/laminas-validator/src/GpsPoint.php AI: Not sure
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-validator/src/GpsPoint.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-validator/src/GpsPoint.php@@ -1,27 +1,25 @@ <?php--/**- * @see       https://github.com/laminas/laminas-validator for the canonical source repository- * @copyright https://github.com/laminas/laminas-validator/blob/master/COPYRIGHT.md- * @license   https://github.com/laminas/laminas-validator/blob/master/LICENSE.md New BSD License- */ namespace Laminas\Validator;+use function explode;+use function is_numeric;+use function preg_match;+use function preg_match_all;+use function preg_replace;+use function str_contains;+use function str_replace;+ final class GpsPoint extends AbstractValidator {+    public const OUT_OF_BOUNDS         = 'gpsPointOutOfBounds';+    public const CONVERT_ERROR         = 'gpsPointConvertError';+    public const INCOMPLETE_COORDINATE = 'gpsPointIncompleteCoordinate';-    const OUT_OF_BOUNDS = 'gpsPointOutOfBounds';-    const CONVERT_ERROR = 'gpsPointConvertError';-    const INCOMPLETE_COORDINATE = 'gpsPointIncompleteCoordinate';--    /**-     * @var array-     */-    protected $messageTemplates = [-        'gpsPointOutOfBounds' => '%value% is out of Bounds.',-        'gpsPointConvertError' => '%value% can not converted into a Decimal Degree Value.',-        'gpsPointIncompleteCoordinate' => '%value% did not provided a complete Coordinate',+    protected array $messageTemplates = [+        self::OUT_OF_BOUNDS         => '%value% is out of Bounds.',+        self::CONVERT_ERROR         => '%value% can not converted into a Decimal Degree Value.',+        self::INCOMPLETE_COORDINATE => '%value% did not provided a complete Coordinate',     ];     /**@@ -31,32 +29,21 @@      * getMessages() will return an array of messages that explain why the      * validation failed.      
*-     * @param  mixed $value-     * @return bool-     * @throws Exception\RuntimeException If validation of $value is impossible+     * @throws Exception\RuntimeException If validation of $value is impossible.      */-    public function isValid($value)+    public function isValid(mixed $value): bool     {-        if (strpos($value, ',') === false) {-            $this->error(GpsPoint::INCOMPLETE_COORDINATE, $value);+        if (! str_contains($value, ',')) {+            $this->error(self::INCOMPLETE_COORDINATE, $value);             return false;         }-        list($lat, $long) = explode(',', $value);+        [$lat, $long] = explode(',', $value);-        if ($this->isValidCoordinate($lat, 90.0000) && $this->isValidCoordinate($long, 180.000)) {-            return true;-        }--        return false;+        return $this->isValidCoordinate($lat, 90.0000) && $this->isValidCoordinate($long, 180.000);     }-    /**-     * @param string $value-     * @param $maxBoundary-     * @return bool-     */-    private function isValidCoordinate($value, $maxBoundary)+    private function isValidCoordinate(string $value, float $maxBoundary): bool     {         $this->value = $value;@@ -67,63 +54,59 @@             $value = $this->removeDegreeSign($value);         }-        if ($value === false || $value === null) {+        if ($value === false) {             $this->error(self::CONVERT_ERROR);             return false;         }-        $doubleLatitude = (double)$value;--        if ($doubleLatitude <= $maxBoundary && $doubleLatitude >= $maxBoundary * -1) {-            return true;+        $castedValue = (float) $value;+        if (! is_numeric($value) && $castedValue === 0.0) {+            $this->error(self::CONVERT_ERROR);+            return false;         }-        $this->error(self::OUT_OF_BOUNDS);-        return false;+        if (! 
$this->isValueInbound($castedValue, $maxBoundary)) {+            $this->error(self::OUT_OF_BOUNDS);+            return false;+        }++        return true;     }     /**      * Determines if the give value is a Degrees Minutes Second Definition-     *-     * @param $value-     * @return bool      */-    private function isDMSValue($value)+    private function isDMSValue(string $value): bool     {         return preg_match('/([°\'"]+[NESW])/', $value) > 0;     }-    /**-     * @param string $value-     * @return bool|string-     */-    private function convertValue($value)+    private function convertValue(string $value): false|float     {         $matches = [];-        $result = preg_match_all('/(\d{1,3})°(\d{1,2})\'(\d{1,2}[\.\d]{0,6})"[NESW]/i', $value, $matches);+        $result  = preg_match_all('/(\d{1,3})°(\d{1,2})\'(\d{1,2}[\.\d]{0,6})"[NESW]/i', $value, $matches);         if ($result === false || $result === 0) {             return false;         }-        return $matches[1][0] + $matches[2][0] / 60 + ((double)$matches[3][0]) / 3600;+        return $matches[1][0] + $matches[2][0] / 60 + ((float) $matches[3][0]) / 3600;     }-    /**-     * @param string $value-     * @return string-     */-    private function removeWhiteSpace($value)+    private function removeWhiteSpace(string $value): string     {         return preg_replace('/\s/', '', $value);     }-    /**-     * @param string $value-     * @return string-     */-    private function removeDegreeSign($value)+    private function removeDegreeSign(string $value): string     {         return str_replace('°', '', $value);     }++    private function isValueInbound(float $value, float $boundary): bool+    {+        $max = $boundary;+        $min = -1 * $boundary;+        return $min <= $value && $value <= $max;+    } }
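Review bot: In the `isValid` hunk, `$value` is declared `mixed` but is passed straight to `str_contains($value, ',')` and `explode(',', $value)`, which expect a string, so a non-string input such as an array raises a TypeError instead of producing a validation failure. Add an `is_string($value)` guard that records an error and returns false. Note also that `[$lat, $long] = explode(',', $value)` silently ignores anything after a second comma.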
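Review bot: In the `isValidCoordinate` hunk, the new check `if (! is_numeric($value) && $castedValue === 0.0)` rejects a non-numeric string only when it casts to 0.0, so a value with a numeric prefix and trailing text (for example `45abc`, which casts to 45.0) still reaches the bounds check and can pass. Consider failing with `CONVERT_ERROR` whenever `is_numeric($value)` is false, and add a test for that case.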
AI Analysis
I'll analyze the code diff for security fixes following the specified format:

1. Vulnerability Existed: not sure
   [Potential Type Juggling Vulnerability] [include/laminas-mail/vendor/laminas/laminas-validator/src/GpsPoint.php] [Lines 54-60]
   [Old Code]
   if ($value === false || $value === null) {
       $this->error(self::CONVERT_ERROR);
       return false;
   }
   [Fixed Code]
   if ($value === false) {
       $this->error(self::CONVERT_ERROR);
       return false;
   }
   $castedValue = (float) $value;
   if (! is_numeric($value) && $castedValue === 0.0) {
       $this->error(self::CONVERT_ERROR);
       return false;
   }

2. Vulnerability Existed: not sure
   [Potential Input Validation Improvement] [include/laminas-mail/vendor/laminas/laminas-validator/src/GpsPoint.php] [Lines 31-33]
   [Old Code]
   if (strpos($value, ',') === false) {
       $this->error(GpsPoint::INCOMPLETE_COORDINATE, $value);
   [Fixed Code]
   if (! str_contains($value, ',')) {
       $this->error(self::INCOMPLETE_COORDINATE, $value);

3. Vulnerability Existed: not sure
   [Potential Boundary Check Improvement] [include/laminas-mail/vendor/laminas/laminas-validator/src/GpsPoint.php] [Lines 65-67]
   [Old Code]
   if ($doubleLatitude <= $maxBoundary && $doubleLatitude >= $maxBoundary * -1) {
       return true;
   }
   [Fixed Code]
   if (! $this->isValueInbound($castedValue, $maxBoundary)) {
       $this->error(self::OUT_OF_BOUNDS);
       return false;
   }

The changes appear to be primarily focused on:
1. Improved type safety (using strict type checking and casting)
2. Better input validation
3. More robust boundary checking
4. Code quality improvements (using newer PHP features like str_contains)

While these changes improve the robustness of the validation, I can't identify any specific security vulnerabilities that were fixed. The improvements make the code more resistant to potential issues, but I'm not certain they address any known vulnerabilities.
CVE Analysis Results:
CVE-2025-45387: No
CVE-2025-26241: No
include/laminas-mail/vendor/laminas/laminas-servicemanager/src/Exception/CyclicAliasException.php AI: Not sure
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-servicemanager/src/Exception/CyclicAliasException.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-servicemanager/src/Exception/CyclicAliasException.php@@ -1,26 +1,49 @@ <?php-/**- * @see       https://github.com/laminas/laminas-servicemanager for the canonical source repository- * @copyright https://github.com/laminas/laminas-servicemanager/blob/master/COPYRIGHT.md- * @license   https://github.com/laminas/laminas-servicemanager/blob/master/LICENSE.md New BSD License- */+declare(strict_types=1); namespace Laminas\ServiceManager\Exception;++use function array_filter;+use function array_keys;+use function array_map;+use function array_values;+use function implode;+use function reset;+use function serialize;+use function sort;+use function sprintf; class CyclicAliasException extends InvalidArgumentException {     /**+     * @param string   $alias conflicting alias key      * @param string[] $aliases map of referenced services, indexed by alias name (string)-     *+     */+    public static function fromCyclicAlias(string $alias, array $aliases): self+    {+        $cycle  = $alias;+        $cursor = $alias;+        while (isset($aliases[$cursor]) && $aliases[$cursor] !== $alias) {+            $cursor = $aliases[$cursor];+            $cycle .= ' -> ' . $cursor;+        }+        $cycle .= ' -> ' . $alias . 
"\n";++        return new self(sprintf(+            "A cycle was detected within the aliases definitions:\n%s",+            $cycle+        ));+    }++    /**+     * @param string[] $aliases map of referenced services, indexed by alias name (string)      * @return self      */     public static function fromAliasesMap(array $aliases)     {         $detectedCycles = array_filter(array_map(-            function ($alias) use ($aliases) {-                return self::getCycleFor($aliases, $alias);-            },+            static fn($alias): ?array => self::getCycleFor($aliases, $alias),             array_keys($aliases)         ));@@ -44,7 +67,6 @@      *      * @param string[] $aliases      * @param string   $alias-     *      * @return array|null      */     private static function getCycleFor(array $aliases, $alias)@@ -58,8 +80,7 @@             }             $cycleCandidate[$targetName] = true;--            $targetName = $aliases[$targetName];+            $targetName                  = $aliases[$targetName];         }         return null;@@ -67,7 +88,6 @@     /**      * @param string[] $aliases-     *      * @return string      */     private static function printReferencesMap(array $aliases)@@ -83,18 +103,17 @@     /**      * @param string[][] $detectedCycles-     *      * @return string      */     private static function printCycles(array $detectedCycles)     {-        return "[\n" . implode("\n", array_map([__CLASS__, 'printCycle'], $detectedCycles)) . "\n]";+        return "[\n" . implode("\n", array_map([self::class, 'printCycle'], $detectedCycles)) . "\n]";     }     /**      * @param string[] $detectedCycle-     *      * @return string+     * @phpcsSuppress SlevomatCodingStandard.Classes.UnusedPrivateElements.UnusedMethod      */     private static function printCycle(array $detectedCycle)     {@@ -104,9 +123,7 @@         return implode(             ' => ',             array_map(-                function ($cycle) {-                    return '"' . $cycle . 
'"';-                },+                static fn($cycle): string => '"' . $cycle . '"',                 $fullCycle             )         );@@ -114,7 +131,6 @@     /**      * @param bool[][] $detectedCycles-     *      * @return bool[][] de-duplicated      */     private static function deDuplicateDetectedCycles(array $detectedCycles)@@ -126,11 +142,9 @@             sort($cycleAliases);-            $hash = serialize(array_values($cycleAliases));+            $hash = serialize($cycleAliases);-            $detectedCyclesByHash[$hash] = isset($detectedCyclesByHash[$hash])-                ? $detectedCyclesByHash[$hash]-                : $detectedCycle;+            $detectedCyclesByHash[$hash] ??= $detectedCycle;         }         return array_values($detectedCyclesByHash);
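Review bot: The `while` loop in the new `fromCyclicAlias()` stops only when `$cursor` has no entry in `$aliases` or when the next target equals `$alias`. If the map contains a cycle that `$alias` leads into but is not part of, the loop never exits and `$cycle` keeps growing. Track visited names (as `getCycleFor()` does with `$cycleCandidate`) and break on a repeat, or document that callers must pass an alias that lies on the cycle.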
AI Analysis
Based on the provided code diff, I'll analyze it for security vulnerabilities. Here's the analysis:

1. Vulnerability Existed: no
The changes appear to be primarily code improvements and refactoring rather than security fixes. The main changes include:
- Added strict type declaration
- Improved error message formatting in fromCyclicAlias()
- Code style improvements (arrow functions, self::class reference)
- Simplified null coalescing operator usage
- Added phpdoc improvements

2. Vulnerability Existed: not sure
Potential Information Leak [File] include/laminas-mail/vendor/laminas/laminas-servicemanager/src/Exception/CyclicAliasException.php [Lines] 1-49
The improved error messages in fromCyclicAlias() could potentially expose more internal service structure information, though this is likely intended behavior for debugging purposes.

3. Vulnerability Existed: no
The changes to deDuplicateDetectedCycles() where the hash generation was modified from `serialize(array_values($cycleAliases))` to `serialize($cycleAliases)` doesn't appear to introduce any security vulnerabilities, as it's still used for internal comparison purposes only.

The diff primarily shows code quality improvements rather than security fixes. The changes include:
- Better type safety with strict_types
- More detailed error reporting
- Modern PHP syntax adoption
- Code cleanup and optimization
- Documentation improvements

No clear security vulnerabilities were fixed in this diff. The changes appear to be part of routine maintenance and code modernization.
CVE Analysis Results:
CVE-2025-45387: No
CVE-2025-26241: No
include/laminas-mail/vendor/laminas/laminas-loader/composer.json AI: Not sure
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-loader/composer.json+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-loader/composer.json@@ -16,21 +16,17 @@         "forum": "https://discourse.laminas.dev"     },     "config": {-        "sort-packages": true-    },-    "extra": {-        "branch-alias": {-            "dev-master": "2.6.x-dev",-            "dev-develop": "2.7.x-dev"+        "sort-packages": true,+        "allow-plugins": {+            "dealerdirect/phpcodesniffer-composer-installer": true         }     },     "require": {-        "php": "^5.6 || ^7.0",-        "laminas/laminas-zendframework-bridge": "^1.0"+        "php": "~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0"     },     "require-dev": {-        "laminas/laminas-coding-standard": "~1.0.0",-        "phpunit/phpunit": "^5.7.27 || ^6.5.8 || ^7.1.4"+        "laminas/laminas-coding-standard": "~2.4.0",+        "phpunit/phpunit": "~9.5.25"     },     "autoload": {         "psr-4": {@@ -52,7 +48,7 @@         "test": "phpunit --colors=always",         "test-coverage": "phpunit --colors=always --coverage-clover clover.xml"     },-    "replace": {-        "zendframework/zend-loader": "self.version"+    "conflict": {+        "zendframework/zend-loader": "*"     } }
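Review bot: The `require` block now limits `php` to `~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0` and drops `laminas/laminas-zendframework-bridge`, which is a breaking change for anything still on PHP 5.6/7.x or relying on the bridge. This constraint is only enforced when Composer resolves the package; because the file sits in a bundled `vendor` directory, confirm that the application's own prerequisite check enforces the same PHP floor. The new `allow-plugins` entry only affects the dev-time code sniffer installer.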
AI Analysis
Here's the analysis of the provided code diff for security fixes:

1. Vulnerability Existed: not sure  
   [PHP Version Requirement Update] [include/laminas-mail/vendor/laminas/laminas-loader/composer.json] [Lines 22-23]  
   [Old Code]  
   `"php": "^5.6 || ^7.0",`  
   [Fixed Code]  
   `"php": "~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0"`  
   Additional Details: The PHP version requirement was updated to only support PHP 8.x versions, dropping support for older, potentially insecure PHP versions (5.6 and 7.0). This could be related to security but isn't a direct vulnerability fix.

2. Vulnerability Existed: not sure  
   [Dependency Version Update] [include/laminas-mail/vendor/laminas/laminas-loader/composer.json] [Lines 25-26]  
   [Old Code]  
   `"laminas/laminas-coding-standard": "~1.0.0",`  
   `"phpunit/phpunit": "^5.7.27 || ^6.5.8 || ^7.1.4"`  
   [Fixed Code]  
   `"laminas/laminas-coding-standard": "~2.4.0",`  
   `"phpunit/phpunit": "~9.5.25"`  
   Additional Details: Development dependencies were updated to newer versions, which might include security fixes, but no specific vulnerability is mentioned.

3. Vulnerability Existed: not sure  
   [Package Conflict Declaration] [include/laminas-mail/vendor/laminas/laminas-loader/composer.json] [Lines 52-53]  
   [Old Code]  
   `"replace": {`  
   `    "zendframework/zend-loader": "self.version"`  
   [Fixed Code]  
   `"conflict": {`  
   `    "zendframework/zend-loader": "*"`  
   Additional Details: Changed from 'replace' to 'conflict' for zendframework/zend-loader, which might be related to preventing installation of incompatible/unsafe versions, but no specific vulnerability is indicated.

Note: While there are several changes in the composer.json file, none clearly indicate a specific security vulnerability being fixed. The changes appear to be primarily about updating dependencies and requirements rather than patching known vulnerabilities.
CVE Analysis Results:
CVE-2025-45387: No
CVE-2025-26241: No
include/laminas-mail/src/Header/GenericMultiHeader.php AI: Not sure
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/src/Header/GenericMultiHeader.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/src/Header/GenericMultiHeader.php@@ -1,22 +1,24 @@ <?php-/**- * @see       https://github.com/laminas/laminas-mail for the canonical source repository- * @copyright https://github.com/laminas/laminas-mail/blob/master/COPYRIGHT.md- * @license   https://github.com/laminas/laminas-mail/blob/master/LICENSE.md New BSD License- */+namespace Laminas\Mail\Header;-namespace Laminas\Mail\Header;+use function explode;+use function implode;+use function strpos; /**  * Generic class for Headers with multiple occurs in the same message  */ class GenericMultiHeader extends GenericHeader implements MultipleHeadersInterface {+    /**+     * @param string $headerLine+     * @return array|GenericHeader|GenericMultiHeader|static+     */     public static function fromString($headerLine)     {-        list($fieldName, $fieldValue) = GenericHeader::splitHeaderLine($headerLine);-        $fieldValue = HeaderWrap::mimeDecodeValue($fieldValue);+        [$fieldName, $fieldValue] = GenericHeader::splitHeaderLine($headerLine);+        $fieldValue               = HeaderWrap::mimeDecodeValue($fieldValue);         if (strpos($fieldValue, ',')) {             $headers = [];
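Review bot: The context line `if (strpos($fieldValue, ','))` tests the return value for truthiness, so a comma at offset 0 yields 0 and the value is treated as having no comma. Since this hunk already touches `fromString()` and adds `use function strpos;`, change the test to `strpos($fieldValue, ',') !== false` (or `str_contains`) so multi-value parsing does not depend on the comma's position. The added `@return array|GenericHeader|GenericMultiHeader|static` would also be clearer if it said when an array is returned.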
AI Analysis
I'll analyze the provided code diff for security fixes following the specified format.

Vulnerability Existed: not sure
[Potential Header Injection Vulnerability] [include/laminas-mail/src/Header/GenericMultiHeader.php] [Lines 1-24]
[Old Code]
public static function fromString($headerLine)
{
    list($fieldName, $fieldValue) = GenericHeader::splitHeaderLine($headerLine);
    $fieldValue = HeaderWrap::mimeDecodeValue($fieldValue);
[Fixed Code]
public static function fromString($headerLine)
{
    [$fieldName, $fieldValue] = GenericHeader::splitHeaderLine($headerLine);
    $fieldValue               = HeaderWrap::mimeDecodeValue($fieldValue);

Additional Details:
- The changes include:
  1. Added proper namespace imports
  2. Changed from `list()` to array destructuring syntax
  3. Added proper PHPDoc comments
  4. Fixed code formatting/alignment
- While these changes improve code quality and maintainability, I'm not certain if they address any specific security vulnerability
- The changes might be related to preventing potential header injection by ensuring proper header parsing, but this is speculative
- The original code was already using HeaderWrap::mimeDecodeValue() which helps prevent some injection attacks

Vulnerability Existed: no
[Code Quality Improvements] [include/laminas-mail/src/Header/GenericMultiHeader.php] [Lines 1-24]
[Old Code]
/**
 * @see       https://github.com/laminas/laminas-mail for the canonical source repository
 * @copyright https://github.com/laminas/laminas-mail/blob/master/COPYRIGHT.md
 * @license   https://github.com/laminas/laminas-mail/blob/master/LICENSE.md New BSD License
 */
[Fixed Code]
Added proper namespace imports and function imports
Added more specific PHPDoc for the fromString method

Additional Details:
- These changes appear to be general code quality improvements rather than security fixes
- The additions improve code documentation and maintainability but don't address specific vulnerabilities
- The changes follow modern PHP coding standards better but don't have direct security implications
CVE Analysis Results:
CVE-2025-45387: No
CVE-2025-26241: No
include/staff/staff.inc.php AI: Not sure
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/staff/staff.inc.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/staff/staff.inc.php@@ -104,7 +104,7 @@         <tr>           <td><?php echo __('Mobile Number');?>:</td>           <td>-            <input type="tel" size="18" name="mobile" class="auto phone"+            <input type="tel" size="18" name="mobile" class="auto mobile"               value="<?php echo Format::htmlchars($staff->mobile); ?>" />             <div class="error"><?php echo $errors['mobile']; ?></div>           </td>
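Review bot: The context line `<div class="error"><?php echo $errors['mobile']; ?></div>` echoes the error text without `Format::htmlchars()`, unlike the `value` attribute on the line above it. Confirm that `$errors['mobile']` can never contain user-supplied text, or escape it here. The `phone` to `mobile` class rename itself only changes which client-side styling or script applies, so format checks on `mobile` still have to happen server-side.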
AI Analysis
Here's the analysis of the provided code diff:

Vulnerability Existed: not sure  
[Potential Input Validation Issue] [include/staff/staff.inc.php] [Lines 104-108]  
[Old Code]  
```html
<input type="tel" size="18" name="mobile" class="auto phone"
  value="<?php echo Format::htmlchars($staff->mobile); ?>" />
```  
[Fixed Code]  
```html
<input type="tel" size="18" name="mobile" class="auto mobile"
  value="<?php echo Format::htmlchars($staff->mobile); ?>" />
```  

Additional Details:
- The change involves modifying the CSS class from "phone" to "mobile" for a telephone input field
- While this doesn't appear to be a direct security fix, it might be related to input validation improvements
- The change could potentially affect client-side validation logic if the class names were used for validation
- The output is still properly escaped using Format::htmlchars(), so no XSS vulnerability is present
- Without seeing the corresponding JavaScript/CSS changes, it's difficult to determine if this was a security-related fix
CVE Analysis Results:
CVE-2025-45387: No
CVE-2025-26241: No
include/class.attachment.php AI: No vulnerabilities
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/class.attachment.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/class.attachment.php@@ -192,7 +192,7 @@     function getInlines($lang=false) { return $this->_getList(false, true, $lang); }     function getSeparates($lang=false) { return $this->_getList(true, false, $lang); }     function getAll($lang=false) { return $this->_getList(true, true, $lang); }-    function count($lang=false) { return count($this->getSeparates($lang)); }+    function count($lang=false): int { return count($this->getSeparates($lang)); }     function _getList($separates=false, $inlines=false, $lang=false) {         $base = $this;
AI Analysis
Based on the provided code diff, here's the analysis:

Vulnerability Existed: no
[No specific vulnerability] [include/class.attachment.php] [Lines 192]
[Old Code]
    function count($lang=false) { return count($this->getSeparates($lang)); }
[Fixed Code]
    function count($lang=false): int { return count($this->getSeparates($lang)); }

Additional Details:
The change appears to be adding a return type declaration (`: int`) to the `count()` method. This is a type safety improvement rather than a security fix. The modification helps ensure type consistency but doesn't address any known security vulnerability. The functionality remains the same, but now explicitly declares that the method will return an integer.
CVE Analysis Results:
CVE-2025-45387: No
CVE-2025-26241: No