Pullup ticket #2435 - requested by adrianp

Security patch for horde Manually add backport of the following fix: - http://lists.horde.org/archives/announce/2008/000415.html
author: tron <tron@pkgsrc.org> 2008-06-26 19:44:35 +0000
committer: tron <tron@pkgsrc.org> 2008-06-26 19:44:35 +0000
commit: bc226cb95c12fd167439bd0399e3d50a27f70efe (patch)
tree: 60527e8e12207639ac693811cee15a196e7e5ee6
parent: 6c32ab4b9b785033628e4a093ce167af854de294 (diff)
download: pkgsrc-bc226cb95c12fd167439bd0399e3d50a27f70efe.tar.gz
3 files changed, 22 insertions, 2 deletions
diff --git a/www/horde/Makefile b/www/horde/Makefile
index baf98ed5af8..5212f856ddb 100644
--- a/www/horde/Makefile
+++ b/www/horde/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.53 2008/03/08 17:36:53 adrianp Exp $
+# $NetBSD: Makefile,v 1.53.2.1 2008/06/26 19:44:35 tron Exp $
 
 DISTNAME=	horde-3.1.7
+PKGREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	http://ftp.horde.org/pub/horde/ \
 		ftp://ftp.horde.org/pub/horde/
@@ -107,6 +108,7 @@ SUBST_MESSAGE.files=	Fixing configuration files.
 
 do-build:
 	${RM} ${WRKSRC}/lib/Horde/Auth/login.php.orig
+	${RM} ${WRKSRC}/services/obrowser/index.php.orig
 	${CP} ${FILESDIR}/horde.conf.dist ${WRKSRC}/horde.conf.dist
 	${CP} ${WRKSRC}/config/conf.xml ${WRKSRC}/config/conf.xml.dist
 	${FIND} ${WRKSRC} -name .htaccess -print | ${XARGS} ${RM} -f
diff --git a/www/horde/distinfo b/www/horde/distinfo
index e073f92a38b..934a28eca10 100644
--- a/www/horde/distinfo
+++ b/www/horde/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.20 2008/03/08 17:36:53 adrianp Exp $
+$NetBSD: distinfo,v 1.20.2.1 2008/06/26 19:44:35 tron Exp $
 
 SHA1 (horde-3.1.7.tar.gz) = b6666b35330082e0627b82fa30754751a082c115
 RMD160 (horde-3.1.7.tar.gz) = b0b8783c6955c59070dbb9db0ec4fe788b0dc220
 Size (horde-3.1.7.tar.gz) = 5288106 bytes
 SHA1 (patch-aa) = 9edb110586805d5efd84541b9d3821889967e785
+SHA1 (patch-ab) = 38fb9fb6126f546ac9821bda3731866c8daa957c
diff --git a/www/horde/patches/patch-ab b/www/horde/patches/patch-ab
new file mode 100644
index 00000000000..d900b7a9e93
--- /dev/null
+++ b/www/horde/patches/patch-ab
@@ -0,0 +1,17 @@
+$NetBSD: patch-ab,v 1.4.14.1 2008/06/26 19:44:35 tron Exp $
+
+--- services/obrowser/index.php.orig	2007-01-02 13:55:16.000000000 +0000
++++ services/obrowser/index.php
+@@ -90,10 +90,10 @@ foreach ($list as $path => $values) {
+     if (!empty($values['browseable'])) {
+         $url = Horde::applicationUrl('services/obrowser/');
+         $url = Util::addParameter($url, 'path', $path);
+-        $row['name'] = Horde::link($url) . $values['name'] . '</a>';
++	$row['name'] = Horde::link($url) . htmlspecialchars($values['name']) . '</a>';
+     } else {
+         $js = "return chooseObject('" . addslashes($path) . "');";
+-        $row['name'] = Horde::link('#', sprintf(_("Choose %s"), $values['name']), '', '', $js) . $values['name'] . '</a>';
++	$row['name'] = Horde::link('#', sprintf(_("Choose %s"), $values['name']), '', '', $js) . htmlspecialchars($values['name']) . '</a>';
+     }
+ 
+     $rows[] = $row;
author	tron <tron@pkgsrc.org>	2008-06-26 19:44:35 +0000
committer	tron <tron@pkgsrc.org>	2008-06-26 19:44:35 +0000
commit	bc226cb95c12fd167439bd0399e3d50a27f70efe (patch)
tree	60527e8e12207639ac693811cee15a196e7e5ee6
parent	6c32ab4b9b785033628e4a093ce167af854de294 (diff)
download	pkgsrc-bc226cb95c12fd167439bd0399e3d50a27f70efe.tar.gz