diff options
author | tron <tron@pkgsrc.org> | 2010-08-12 09:19:35 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2010-08-12 09:19:35 +0000 |
commit | 1e4a9507f3cb03fee0c5f7c24364ee8a4e8486b4 (patch) | |
tree | 1ba133e86bcfbc90b01c52d184f31c6f41dbb865 | |
parent | 4c668e50119efe78605d6b9adf3d035897863d94 (diff) | |
download | pkgsrc-1e4a9507f3cb03fee0c5f7c24364ee8a4e8486b4.tar.gz |
Pullup ticket #3203 - requested by taca
www/typolight28: security update
Revisions pulled up:
- www/typolight28/Makefile 1.10-1.11
- www/typolight28/Makefile.version 1.7
- www/typolight28/distinfo 1.8-1.9
- www/typolight28/patches/patch-ad 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Jul 3 04:00:09 UTC 2010
Modified Files:
pkgsrc/www/typolight28: Makefile Makefile.version distinfo
Log Message:
Update typolight28 to 2.8.4.
Version 2.8.4 (2010-06-30)
--------------------------
- Back-ported the Safe Mode Hack improvements from version 2.9
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 28 16:24:20 UTC 2010
Modified Files:
pkgsrc/www/typolight28: Makefile distinfo
Added Files:
pkgsrc/www/typolight28/patches: patch-ad
Log Message:
Add a patch from Contao(TYPOlight) repository to fix possible
XSS problem on frontend module.
Bump PKGREVISION.
-rw-r--r-- | www/typolight28/Makefile.version | 4 | ||||
-rw-r--r-- | www/typolight28/distinfo | 9 | ||||
-rw-r--r-- | www/typolight28/patches/patch-ad | 23 |
3 files changed, 30 insertions, 6 deletions
diff --git a/www/typolight28/Makefile.version b/www/typolight28/Makefile.version index eb587e75390..e7dad3952f4 100644 --- a/www/typolight28/Makefile.version +++ b/www/typolight28/Makefile.version @@ -1,8 +1,8 @@ -# $NetBSD: Makefile.version,v 1.6 2010/05/01 23:42:56 taca Exp $ +# $NetBSD: Makefile.version,v 1.6.2.1 2010/08/12 09:19:35 tron Exp $ # # used by www/typolight28/Makefile # used by www/typolight28-example/Makefile # used by www/typolight28-translations/Makefile # -TL_VERSION= 2.8.3 +TL_VERSION= 2.8.4 diff --git a/www/typolight28/distinfo b/www/typolight28/distinfo index 67523d927bb..9b219d54c1f 100644 --- a/www/typolight28/distinfo +++ b/www/typolight28/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.7 2010/05/01 23:42:56 taca Exp $ +$NetBSD: distinfo,v 1.7.2.1 2010/08/12 09:19:35 tron Exp $ -SHA1 (typolight-2.8.3.tar.gz) = 25b5d12120cd30ffafb5d8386c64b041fc199cb7 -RMD160 (typolight-2.8.3.tar.gz) = 466a40fc14ad41204a77407c7e2f2965a008a826 -Size (typolight-2.8.3.tar.gz) = 4097568 bytes +SHA1 (typolight-2.8.4.tar.gz) = d18d684a06f5dd29ffc6a28d08143feb613cd47b +RMD160 (typolight-2.8.4.tar.gz) = ad82d00e3b7ec4e604640779fec841fcfc65f75c +Size (typolight-2.8.4.tar.gz) = 4097946 bytes +SHA1 (patch-ad) = 207ce919bb6fa7148108f8bd075d3a7d7ad1eeb9 diff --git a/www/typolight28/patches/patch-ad b/www/typolight28/patches/patch-ad new file mode 100644 index 00000000000..4b8357dc8cf --- /dev/null +++ b/www/typolight28/patches/patch-ad @@ -0,0 +1,23 @@ +$NetBSD: patch-ad,v 1.1.2.2 2010/08/12 09:19:36 tron Exp $ + +Fix for CSS from repository, r507. + +--- system/modules/frontend/Frontend.php.orig 2010-04-19 10:22:31.000000000 +0000 ++++ system/modules/frontend/Frontend.php +@@ -166,8 +166,16 @@ abstract class Frontend extends Controll + protected function addToUrl($strRequest, $blnIgnoreParams=false) + { + $arrGet = $blnIgnoreParams ? array() : $_GET; ++ ++ // Clean the $_GET values (thanks to thyon) ++ foreach (array_keys($arrGet) as $key) ++ { ++ $arrGet[$key] = $this->Input->get($key, true); ++ } ++ + $arrFragments = preg_split('/&(amp;)?/i', $strRequest); + ++ // Merge the new request string + foreach ($arrFragments as $strFragment) + { + list($key, $value) = explode('=', $strFragment); |