diff options
author | tron <tron@pkgsrc.org> | 2010-08-12 10:12:50 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2010-08-12 10:12:50 +0000 |
commit | 544816d4d6817fa61c615e229db5f80a1da5fccd (patch) | |
tree | f234bf4fafa4696c358947a0f302e0ed308b6b39 | |
parent | 949a79e121b62468f94e84a79264c20c9c969104 (diff) | |
download | pkgsrc-544816d4d6817fa61c615e229db5f80a1da5fccd.tar.gz |
Pullup ticket #3204 - requested by taca
www/typolight27: security patch
Revisions pulled up:
- www/typolight27/Makefile patch
- www/typolight27/distinfo patch
- www/typolight27/patches/patch-ab new file
---
Apply patch to fix XSS vulnerability.
-rw-r--r-- | www/typolight27/Makefile | 4 | ||||
-rw-r--r-- | www/typolight27/distinfo | 3 | ||||
-rw-r--r-- | www/typolight27/patches/patch-ab | 23 |
3 files changed, 27 insertions, 3 deletions
diff --git a/www/typolight27/Makefile b/www/typolight27/Makefile index 8d83f74e9c1..39f77217f6d 100644 --- a/www/typolight27/Makefile +++ b/www/typolight27/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.18 2010/06/07 11:22:57 taca Exp $ +# $NetBSD: Makefile,v 1.18.2.1 2010/08/12 10:12:50 tron Exp $ # DISTNAME= typolight-${TL_VERSION} PKGNAME= typolight${TL_VER}-${TL_PKGVER} -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=typolight/} DIST_SUBDIR= typolight27-20100503 diff --git a/www/typolight27/distinfo b/www/typolight27/distinfo index 3e9b293ebc1..6703e369636 100644 --- a/www/typolight27/distinfo +++ b/www/typolight27/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.11 2010/05/04 13:18:19 taca Exp $ +$NetBSD: distinfo,v 1.11.2.1 2010/08/12 10:12:51 tron Exp $ SHA1 (typolight27-20100503/typolight-2.7.7.tar.gz) = 32c28785ba3cad73f6a3aca62d472854dd7feb16 RMD160 (typolight27-20100503/typolight-2.7.7.tar.gz) = f1da631e186507a6f522f2382b4cc842c75c8cfc Size (typolight27-20100503/typolight-2.7.7.tar.gz) = 4285159 bytes +SHA1 (patch-ab) = d8d6cfaaf9a13e34ff0e08ab8c4d20bd29039bc0 diff --git a/www/typolight27/patches/patch-ab b/www/typolight27/patches/patch-ab new file mode 100644 index 00000000000..2100fcadb68 --- /dev/null +++ b/www/typolight27/patches/patch-ab @@ -0,0 +1,23 @@ +$NetBSD: patch-ab,v 1.1.2.1 2010/08/12 10:12:51 tron Exp $ + +Fix for CSS from repository, r507. + +--- system/modules/frontend/Frontend.php.orig 2009-04-30 18:32:53.000000000 +0000 ++++ system/modules/frontend/Frontend.php +@@ -165,8 +165,16 @@ abstract class Frontend extends Controll + protected function addToUrl($strRequest) + { + $arrGet = $_GET; ++ ++ // Clean the $_GET values (thanks to thyon) ++ foreach (array_keys($arrGet) as $key) ++ { ++ $arrGet[$key] = $this->Input->get($key, true); ++ } ++ + $arrFragments = preg_split('/&(amp;)?/i', $strRequest); + ++ // Merge the new request string + foreach ($arrFragments as $strFragment) + { + $arrParams = explode('=', $strFragment); |