author | taca <taca@pkgsrc.org> | 2012-03-13 03:16:30 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2012-03-13 03:16:30 +0000 |
commit | ff953f88bc19af0ce77d50e4ab709e1a906f7f1a (patch) | |
tree | 537380921dfe9b43b406df958a998f75eac2c989 | |
parent | 3a2c42dd461682b0266db441250e609ab03214f6 (diff) | |
download | pkgsrc-ff953f88bc19af0ce77d50e4ab709e1a906f7f1a.tar.gz |
Add a little experimental fix to prevent CSRF.
Bump PKGREVISION.
-rw-r--r-- | www/contao29/Makefile | 4 | ||||
-rw-r--r-- | www/contao29/distinfo | 3 | ||||
-rw-r--r-- | www/contao29/patches/patch-system_initialize.php | 15 |
3 files changed, 19 insertions, 3 deletions
diff --git a/www/contao29/Makefile b/www/contao29/Makefile
index 5fdf280559b..cd0ded0a4f5 100644
--- a/www/contao29/Makefile
+++ b/www/contao29/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.19 2011/11/17 11:17:39 taca Exp $
+# $NetBSD: Makefile,v 1.20 2012/03/13 03:16:30 taca Exp $
 #
 DISTNAME= contao-${CT_VERSION}
 PKGNAME= contao${CT_VER}-${CT_PKGVER}
-PKGREVISION= 5
+PKGREVISION= 6
 CATEGORIES= www
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=contao/}
diff --git a/www/contao29/distinfo b/www/contao29/distinfo
index d1796d729de..22546b8571e 100644
--- a/www/contao29/distinfo
+++ b/www/contao29/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.11 2011/10/10 16:35:10 taca Exp $
+$NetBSD: distinfo,v 1.12 2012/03/13 03:16:30 taca Exp $
 SHA1 (contao-2.9.5.tar.gz) = 93c1fb67a396f057eb700ec181aaed839c10cb1d
 RMD160 (contao-2.9.5.tar.gz) = 0a7229382d50f1d08dd05c10274d08b0bdb1b12c
 Size (contao-2.9.5.tar.gz) = 4594817 bytes
+SHA1 (patch-system_initialize.php) = 609c0b9dc91b026f3899db779f25d4140552273f
 SHA1 (patch-system_libraries_Input.php) = 57668dde6d82d793ec1a08424df3172ce1d8a758
 SHA1 (patch-system_modules_frontend_Frontend.php) = c5a530951f11407a6bd1914a19c3b6f3ad550077
 SHA1 (patch-system_modules_frontend_ModuleArticlenav.php) = a92c2e4acf097aa00336029e68a59f6139531e0e
diff --git a/www/contao29/patches/patch-system_initialize.php b/www/contao29/patches/patch-system_initialize.php
new file mode 100644
index 00000000000..31b9bec321e
--- /dev/null
+++ b/www/contao29/patches/patch-system_initialize.php
@@ -0,0 +1,15 @@
+$NetBSD: patch-system_initialize.php,v 1.1 2012/03/13 03:16:30 taca Exp $
+
+* More strict check against POST.
+
+--- system/initialize.php.orig 2011-03-04 14:13:25.000000000 +0000
++++ system/initialize.php
+@@ -157,7 +157,7 @@ else
+ /**
+ * Check referer address if there are $_POST variables
+ */
+-if ($_POST && !$GLOBALS['TL_CONFIG']['disableRefererCheck'])
++if ($_SERVER['REQUEST_METHOD'] == 'POST' && !$GLOBALS['TL_CONFIG']['disableRefererCheck'])
+ {
+ $self = parse_url($objEnvironment->url);
+ $referer = parse_url($objEnvironment->httpReferer); |
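Review bot: The rewritten `if` line reads `$_SERVER['REQUEST_METHOD']` without checking that it is set and compares it loosely, so if `system/initialize.php` is ever loaded outside a web request (from the CLI, for example) the lookup raises an undefined-index notice; `if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST' && !$GLOBALS['TL_CONFIG']['disableRefererCheck'])` keeps the stricter trigger without that side effect. The comment directly above is now stale and should read `Check referer address on every POST request, even when $_POST is empty`, which also records why the condition changed (presumably so that a POST whose body PHP does not populate into `$_POST` no longer skips the check). The body of the `if` continues past the hunk, so how a missing or empty Referer is handled is not visible here. That case, together with the `disableRefererCheck` opt-out and the fact that only POST triggers the check, bounds how much CSRF protection this gives; a per-session request token verified on every state-changing request would be the sturdier control.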