diff options
| author | taca <taca> | 2010-07-28 16:24:20 +0000 |
|---|---|---|
| committer | taca <taca> | 2010-07-28 16:24:20 +0000 |
| commit | bd94a1c02cf9832b9550150010cdddc5b4e16240 (patch) | |
| tree | 79d0c10262aefa2d0a745a1dd91f530fee737c2d | |
| parent | f8259542e8cac16f3d536138e65aa9bbb9e553fd (diff) | |
| download | pkgsrc-bd94a1c02cf9832b9550150010cdddc5b4e16240.tar.gz | |
Add a patch from Contao(TYPOlight) repository to fix possible
XSS problem on frontend module.
Bump PKGREVISION.
| -rw-r--r-- | www/typolight28/Makefile | 3 | ||||
| -rw-r--r-- | www/typolight28/distinfo | 3 | ||||
| -rw-r--r-- | www/typolight28/patches/patch-ad | 23 |
3 files changed, 27 insertions, 2 deletions
diff --git a/www/typolight28/Makefile b/www/typolight28/Makefile index 19d158057c5..dec94251fe4 100644 --- a/www/typolight28/Makefile +++ b/www/typolight28/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.10 2010/07/03 04:00:09 taca Exp $ +# $NetBSD: Makefile,v 1.11 2010/07/28 16:24:20 taca Exp $ # DISTNAME= typolight-${TL_VERSION} PKGNAME= typolight${TL_VER}-${TL_PKGVER} +PKGREVISION= 1 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=typolight/} diff --git a/www/typolight28/distinfo b/www/typolight28/distinfo index c50ea318e13..9db47f75de3 100644 --- a/www/typolight28/distinfo +++ b/www/typolight28/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.8 2010/07/03 04:00:09 taca Exp $ +$NetBSD: distinfo,v 1.9 2010/07/28 16:24:20 taca Exp $ SHA1 (typolight-2.8.4.tar.gz) = d18d684a06f5dd29ffc6a28d08143feb613cd47b RMD160 (typolight-2.8.4.tar.gz) = ad82d00e3b7ec4e604640779fec841fcfc65f75c Size (typolight-2.8.4.tar.gz) = 4097946 bytes +SHA1 (patch-ad) = 207ce919bb6fa7148108f8bd075d3a7d7ad1eeb9 diff --git a/www/typolight28/patches/patch-ad b/www/typolight28/patches/patch-ad new file mode 100644 index 00000000000..8391863b260 --- /dev/null +++ b/www/typolight28/patches/patch-ad @@ -0,0 +1,23 @@ +$NetBSD: patch-ad,v 1.1 2010/07/28 16:24:20 taca Exp $ + +Fix for CSS from repository, r507. + +--- system/modules/frontend/Frontend.php.orig 2010-04-19 10:22:31.000000000 +0000 ++++ system/modules/frontend/Frontend.php +@@ -166,8 +166,16 @@ abstract class Frontend extends Controll + protected function addToUrl($strRequest, $blnIgnoreParams=false) + { + $arrGet = $blnIgnoreParams ? array() : $_GET; ++ ++ // Clean the $_GET values (thanks to thyon) ++ foreach (array_keys($arrGet) as $key) ++ { ++ $arrGet[$key] = $this->Input->get($key, true); ++ } ++ + $arrFragments = preg_split('/&(amp;)?/i', $strRequest); + ++ // Merge the new request string + foreach ($arrFragments as $strFragment) + { + list($key, $value) = explode('=', $strFragment); |