authortron <tron@pkgsrc.org>2012-03-14 17:42:33 +0000
committertron <tron@pkgsrc.org>2012-03-14 17:42:33 +0000
commit5fc045993afddf31263f460890b64f6dc2368743 (patch)
treeccb1d91435ac16c6da93697fc5416216a91a05af
parentf0ed82b65b220383c9ce8edf782f271f88821325 (diff)
Pullup ticket #3703 - requested by taca
www/contao29: security patch Revisions pulled up: - www/contao29/Makefile 1.20 - www/contao29/distinfo 1.12 - www/contao29/patches/patch-system_initialize.php 1.1 --- Module Name: pkgsrc Committed By: taca Date: Tue Mar 13 03:16:30 UTC 2012 Modified Files: pkgsrc/www/contao29: Makefile distinfo Added Files: pkgsrc/www/contao29/patches: patch-system_initialize.php Log Message: Add a little experimental fix to prevent CSRF. Bump PKGREVISION.
-rw-r--r--www/contao29/Makefile4
-rw-r--r--www/contao29/distinfo3
-rw-r--r--www/contao29/patches/patch-system_initialize.php15
3 files changed, 19 insertions, 3 deletions
diff --git a/www/contao29/Makefile b/www/contao29/Makefile
index 5fdf280559b..5149ced925d 100644
--- a/www/contao29/Makefile
+++ b/www/contao29/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.19 2011/11/17 11:17:39 taca Exp $
+# $NetBSD: Makefile,v 1.19.2.1 2012/03/14 17:42:33 tron Exp $
#
DISTNAME= contao-${CT_VERSION}
PKGNAME= contao${CT_VER}-${CT_PKGVER}
-PKGREVISION= 5
+PKGREVISION= 6
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=contao/}
diff --git a/www/contao29/distinfo b/www/contao29/distinfo
index d1796d729de..1706e645a91 100644
--- a/www/contao29/distinfo
+++ b/www/contao29/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.11 2011/10/10 16:35:10 taca Exp $
+$NetBSD: distinfo,v 1.11.2.1 2012/03/14 17:42:33 tron Exp $
SHA1 (contao-2.9.5.tar.gz) = 93c1fb67a396f057eb700ec181aaed839c10cb1d
RMD160 (contao-2.9.5.tar.gz) = 0a7229382d50f1d08dd05c10274d08b0bdb1b12c
Size (contao-2.9.5.tar.gz) = 4594817 bytes
+SHA1 (patch-system_initialize.php) = 609c0b9dc91b026f3899db779f25d4140552273f
SHA1 (patch-system_libraries_Input.php) = 57668dde6d82d793ec1a08424df3172ce1d8a758
SHA1 (patch-system_modules_frontend_Frontend.php) = c5a530951f11407a6bd1914a19c3b6f3ad550077
SHA1 (patch-system_modules_frontend_ModuleArticlenav.php) = a92c2e4acf097aa00336029e68a59f6139531e0e
diff --git a/www/contao29/patches/patch-system_initialize.php b/www/contao29/patches/patch-system_initialize.php
new file mode 100644
index 00000000000..28b4394fb62
--- /dev/null
+++ b/www/contao29/patches/patch-system_initialize.php
@@ -0,0 +1,15 @@
+$NetBSD: patch-system_initialize.php,v 1.1.2.2 2012/03/14 17:42:33 tron Exp $
+
+* More strict check against POST.
+
+--- system/initialize.php.orig 2011-03-04 14:13:25.000000000 +0000
++++ system/initialize.php
+@@ -157,7 +157,7 @@ else
+ /**
+ * Check referer address if there are $_POST variables
+ */
+-if ($_POST && !$GLOBALS['TL_CONFIG']['disableRefererCheck'])
++if ($_SERVER['REQUEST_METHOD'] == 'POST' && !$GLOBALS['TL_CONFIG']['disableRefererCheck'])
+ {
+ $self = parse_url($objEnvironment->url);
+ $referer = parse_url($objEnvironment->httpReferer);
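Review bot: The patch comment `* More strict check against POST.` does not say what the old test missed, which matters for a security pullup: `if ($_POST && ...)` is false whenever PHP leaves `$_POST` empty (a POST with no form fields, or a body PHP does not parse as form data), so those requests skipped the referer comparison entirely. I would spell that out in the patch header, e.g. `* Check the referer on every POST request, not only when $_POST is non-empty (CSRF hardening).` The new test still covers only the POST method and is still skipped when `disableRefererCheck` is set, and a Referer comparison is a weaker control than a per-session request token; how a missing or unparsable referer is treated is in the part of the block that lies outside this hunk and should be confirmed there. A strict comparison, `$_SERVER['REQUEST_METHOD'] === 'POST'`, would also be the tidier form.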