author | taca <taca@pkgsrc.org> | 2011-10-10 16:32:59 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2011-10-10 16:32:59 +0000 |
commit | 0b63be28ba94be15b44480b3c27f5c22f5bec2ea (patch) | |
tree | e0d184c5542140fc02ae352080a7e6882bea11b6 | |
parent | 3baaf6170cb4373b1d7bd53fc82a61a5338385fc (diff) | |
download | pkgsrc-0b63be28ba94be15b44480b3c27f5c22f5bec2ea.tar.gz |
Update contao210 package to 2.10.2.
It really fixes the XSS problem.
Version 2.10.2 (2011-10-10)
---------------------------
- Updated: updated TinyMCE to version 3.4.6
- Fixed: do not remove slashes just because get_magic_quotes_gpc() exists
- Fixed: CSS units were not always applied when used with global variables
(#3464)
- Fixed: the task deadline field did not show the date picker (#3351)
- Fixed: do not return empty lines in the compileDefinition hook (#3440)
- Fixed: the TinyMCE spellchecker did not work anymore (#3487)
- Fixed: the regexp for validating phone numbers accepted invalid values
(#3493)
- Fixed: added the new HTML5 elements to the valid TinyMCE tags (#3479)
- Fixed: the style sheet generator did not support absolute URLs (#3512)
- Fixed: fixed a potential XSS vulnerability (thanks to sschurtz)
- Fixed a few minor issues
-rw-r--r-- | www/contao/Makefile.common | 4 | ||||
-rw-r--r-- | www/contao210/Makefile | 3 | ||||
-rw-r--r-- | www/contao210/distinfo | 9 | ||||
-rw-r--r-- | www/contao210/patches/patch-system_modules_frontend_Frontend.php | 34 |
4 files changed, 7 insertions, 43 deletions
diff --git a/www/contao/Makefile.common b/www/contao/Makefile.common
index 4ab577ddd34..619ca49e115 100644
--- a/www/contao/Makefile.common
+++ b/www/contao/Makefile.common
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.3 2011/08/31 14:33:22 taca Exp $
+# $NetBSD: Makefile.common,v 1.4 2011/10/10 16:32:59 taca Exp $
 #
 # used by www/contao29/Makefile
 # used by www/contao29-example/Makefile
@@ -10,7 +10,7 @@
 # current release
 CT29_VERSION= 2.9.5
-CT210_VERSION= 2.10.1
+CT210_VERSION= 2.10.2
 CT_VERS?= 210
diff --git a/www/contao210/Makefile b/www/contao210/Makefile
index 3168f4d6014..a4d3c0cf74f 100644
--- a/www/contao210/Makefile
+++ b/www/contao210/Makefile
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.3 2011/10/07 12:28:11 taca Exp $
+# $NetBSD: Makefile,v 1.4 2011/10/10 16:32:59 taca Exp $
 #
 DISTNAME= contao-${CT_VERSION}
 PKGNAME= contao${CT_VER}-${CT_PKGVER}
-PKGREVISION= 2
 CATEGORIES= www
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=typolight/}
diff --git a/www/contao210/distinfo b/www/contao210/distinfo
index f7f1ec1bb6f..4e812a58724 100644
--- a/www/contao210/distinfo
+++ b/www/contao210/distinfo
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.3 2011/10/07 12:28:11 taca Exp $
+$NetBSD: distinfo,v 1.4 2011/10/10 16:32:59 taca Exp $
 
-SHA1 (contao-2.10.1.tar.gz) = f8139b1baef077f5ddb2ba5b7d3fc6b6169db147
-RMD160 (contao-2.10.1.tar.gz) = cb71bdadc9414bd03394ef71928b7fb00d3c5f0b
-Size (contao-2.10.1.tar.gz) = 4868666 bytes
-SHA1 (patch-system_modules_frontend_Frontend.php) = 9e3bc3196d93ef28ef1db842750ab40f50eb10f9
+SHA1 (contao-2.10.2.tar.gz) = 78db9e1ee385f169ac70e4c9a1e09d5bf1c6ef47
+RMD160 (contao-2.10.2.tar.gz) = d4feedfeadf93384bf3d76f8a380c0772b3a3c92
+Size (contao-2.10.2.tar.gz) = 4871543 bytes
diff --git a/www/contao210/patches/patch-system_modules_frontend_Frontend.php b/www/contao210/patches/patch-system_modules_frontend_Frontend.php
deleted file mode 100644
index 366484a1b06..00000000000
--- a/www/contao210/patches/patch-system_modules_frontend_Frontend.php
+++ /dev/null
@@ -1,34 +0,0 @@
-$NetBSD: patch-system_modules_frontend_Frontend.php,v 1.1 2011/10/07 12:28:11 taca Exp $
-
-* Fix potential XSS vulnerability, r1041.
-
---- system/modules/frontend/Frontend.php.orig 2011-08-19 12:08:32.000000000 +0000
-+++ system/modules/frontend/Frontend.php
-@@ -80,7 +80,7 @@ abstract class Frontend extends Controll
- return is_numeric($this->Input->get('id')) ? $this->Input->get('id') : null;
- }
-
-- if (!strlen($this->Environment->request))
-+ if ($this->Environment->request == '')
- {
- return null;
- }
-@@ -106,13 +106,15 @@ abstract class Frontend extends Controll
- }
- }
-
-- // Add fragments to $_GET array
-+ // DO NOT USE urldecode() HERE (XSS vulnerability)!
-+
-+ // Add the fragments to the $_GET array
- for ($i=1; $i<count($arrFragments); $i+=2)
- {
-- $_GET[urldecode($arrFragments[$i])] = urldecode($arrFragments[$i+1]);
-+ $_GET[$arrFragments[$i]] = $arrFragments[$i+1];
- }
-
-- return strlen($arrFragments[0]) ? urldecode($arrFragments[0]) : null;
-+ return ($arrFragments[0] != '') ? $arrFragments[0] : null;
- }
-
-
|