diff options
author | taca <taca> | 2011-10-10 16:35:10 +0000 |
---|---|---|
committer | taca <taca> | 2011-10-10 16:35:10 +0000 |
commit | 35f39a2c26b2ae2f18798c1788fb76c00f11b67a (patch) | |
tree | 313a733323e5ac628dbfb18a3a8685f1906f6e9b /www/contao29 | |
parent | b534b0946ebc934ba2df5ffbb5bf85cffbf6d86d (diff) | |
download | pkgsrc-35f39a2c26b2ae2f18798c1788fb76c00f11b67a.tar.gz |
Add update patche to fix XSS from Contao's repository.
Bump PKGREVISION.
Diffstat (limited to 'www/contao29')
-rw-r--r-- | www/contao29/Makefile | 4 | ||||
-rw-r--r-- | www/contao29/distinfo | 6 | ||||
-rw-r--r-- | www/contao29/patches/patch-system_libraries_Input.php | 93 | ||||
-rw-r--r-- | www/contao29/patches/patch-system_modules_frontend_Frontend.php | 52 | ||||
-rw-r--r-- | www/contao29/patches/patch-system_modules_frontend_ModuleArticlenav.php | 15 |
5 files changed, 160 insertions, 10 deletions
diff --git a/www/contao29/Makefile b/www/contao29/Makefile index 76fef2b22e3..5c014221479 100644 --- a/www/contao29/Makefile +++ b/www/contao29/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.17 2011/10/07 12:28:55 taca Exp $ +# $NetBSD: Makefile,v 1.18 2011/10/10 16:35:10 taca Exp $ # DISTNAME= contao-${CT_VERSION} PKGNAME= contao${CT_VER}-${CT_PKGVER} -PKGREVISION= 4 +PKGREVISION= 5 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=typolight/} diff --git a/www/contao29/distinfo b/www/contao29/distinfo index 0113807f7c0..d1796d729de 100644 --- a/www/contao29/distinfo +++ b/www/contao29/distinfo @@ -1,6 +1,8 @@ -$NetBSD: distinfo,v 1.10 2011/10/07 12:28:55 taca Exp $ +$NetBSD: distinfo,v 1.11 2011/10/10 16:35:10 taca Exp $ SHA1 (contao-2.9.5.tar.gz) = 93c1fb67a396f057eb700ec181aaed839c10cb1d RMD160 (contao-2.9.5.tar.gz) = 0a7229382d50f1d08dd05c10274d08b0bdb1b12c Size (contao-2.9.5.tar.gz) = 4594817 bytes -SHA1 (patch-system_modules_frontend_Frontend.php) = 01d545003a265620f7749dffcca15e87bd4b8297 +SHA1 (patch-system_libraries_Input.php) = 57668dde6d82d793ec1a08424df3172ce1d8a758 +SHA1 (patch-system_modules_frontend_Frontend.php) = c5a530951f11407a6bd1914a19c3b6f3ad550077 +SHA1 (patch-system_modules_frontend_ModuleArticlenav.php) = a92c2e4acf097aa00336029e68a59f6139531e0e diff --git a/www/contao29/patches/patch-system_libraries_Input.php b/www/contao29/patches/patch-system_libraries_Input.php new file mode 100644 index 00000000000..8ea2ce62d64 --- /dev/null +++ b/www/contao29/patches/patch-system_libraries_Input.php @@ -0,0 +1,93 @@ +$NetBSD: patch-system_libraries_Input.php,v 1.1 2011/10/10 16:35:11 taca Exp $ + +* Fix potential XSS vulnerability, r1044. + +--- system/libraries/Input.php.orig 2011-03-02 13:03:27.000000000 +0000 ++++ system/libraries/Input.php +@@ -54,9 +54,14 @@ class Input + + + /** +- * Prevent direct instantiation (Singleton) ++ * Clean the keys of the request arrays + */ +- protected function __construct() {} ++ protected function __construct() ++ { ++ $_GET = $this->cleanKey($_GET); ++ $_POST = $this->cleanKey($_POST); ++ $_COOKIE = $this->cleanKey($_COOKIE); ++ } + + + /** +@@ -234,6 +239,8 @@ class Input + */ + public function setGet($strKey, $varValue) + { ++ $strKey = $this->cleanKey($strKey); ++ + unset($this->arrCache['getEncoded'][$strKey]); + unset($this->arrCache['getDecoded'][$strKey]); + +@@ -255,6 +262,8 @@ class Input + */ + public function setPost($strKey, $varValue) + { ++ $strKey = $this->cleanKey($strKey); ++ + unset($this->arrCache['postEncoded'][$strKey]); + unset($this->arrCache['postDecoded'][$strKey]); + unset($this->arrCache['postRaw'][$strKey]); +@@ -277,6 +286,8 @@ class Input + */ + public function setCookie($strKey, $varValue) + { ++ $strKey = $this->cleanKey($strKey); ++ + unset($this->arrCache['cookieEncoded'][$strKey]); + unset($this->arrCache['cookieDecoded'][$strKey]); + +@@ -301,6 +312,42 @@ class Input + + + /** ++ * Sanitize a key name or an array (thanks to Andreas Schempp) ++ * @param mixed ++ * @return mixed ++ */ ++ protected function cleanKey($varValue) ++ { ++ // Recursively clean arrays ++ if (is_array($varValue)) ++ { ++ $return = array(); ++ ++ foreach ($varValue as $k=>$v) ++ { ++ $k = $this->cleanKey($k); ++ ++ if (is_array($v)) ++ { ++ $v = $this->cleanKey($v); ++ } ++ ++ $return[$k] = $v; ++ } ++ ++ return $return; ++ } ++ ++ $varValue = $this->stripSlashes($varValue); ++ $varValue = $this->decodeEntities($varValue); ++ $varValue = $this->xssClean($varValue, true); ++ $varValue = $this->stripTags($varValue); ++ ++ return $varValue; ++ } ++ ++ ++ /** + * Strip slashes + * @param mixed + * @return mixed diff --git a/www/contao29/patches/patch-system_modules_frontend_Frontend.php b/www/contao29/patches/patch-system_modules_frontend_Frontend.php index aacc171583b..87403bc561a 100644 --- a/www/contao29/patches/patch-system_modules_frontend_Frontend.php +++ b/www/contao29/patches/patch-system_modules_frontend_Frontend.php @@ -1,10 +1,10 @@ -$NetBSD: patch-system_modules_frontend_Frontend.php,v 1.1 2011/10/07 12:28:55 taca Exp $ +$NetBSD: patch-system_modules_frontend_Frontend.php,v 1.2 2011/10/10 16:35:11 taca Exp $ -* Fix potential XSS vulnerability, r1041. +* Fix potential XSS vulnerability, r1041 and r1044. --- system/modules/frontend/Frontend.php.orig 2011-03-02 13:03:27.000000000 +0000 +++ system/modules/frontend/Frontend.php -@@ -80,7 +80,7 @@ abstract class Frontend extends Controll +@@ -80,14 +80,13 @@ abstract class Frontend extends Controll return is_numeric($this->Input->get('id')) ? $this->Input->get('id') : null; } @@ -13,18 +13,25 @@ $NetBSD: patch-system_modules_frontend_Frontend.php,v 1.1 2011/10/07 12:28:55 ta { return null; } -@@ -106,13 +106,15 @@ abstract class Frontend extends Controll + + $strRequest = preg_replace('/\?.*$/i', '', $this->Environment->request); + $strRequest = preg_replace('/' . preg_quote($GLOBALS['TL_CONFIG']['urlSuffix'], '/') . '$/i', '', $strRequest); +- + $arrFragments = explode('/', $strRequest); + + // Skip index.php +@@ -106,13 +105,15 @@ abstract class Frontend extends Controll } } - // Add fragments to $_GET array -+ // DO NOT USE urldecode() HERE (XSS vulnerability)! ++ $arrFragments = array_map('urldecode', $arrFragments); + + // Add the fragments to the $_GET array for ($i=1; $i<count($arrFragments); $i+=2) { - $_GET[urldecode($arrFragments[$i])] = urldecode($arrFragments[$i+1]); -+ $_GET[$arrFragments[$i]] = $arrFragments[$i+1]; ++ $this->Input->setGet($arrFragments[$i], $arrFragments[$i+1]); } - return strlen($arrFragments[0]) ? urldecode($arrFragments[0]) : null; @@ -32,3 +39,36 @@ $NetBSD: patch-system_modules_frontend_Frontend.php,v 1.1 2011/10/07 12:28:55 ta } +@@ -136,7 +137,7 @@ abstract class Frontend extends Controll + + + /** +- * Overwrite parent method as front end URLs are handled differently ++ * Overwrite the parent method as front end URLs are handled differently + * @param string + * @param boolean + * @return string +@@ -170,9 +171,22 @@ abstract class Frontend extends Controll + + $strParams = ''; + ++ // Determine connector and separator ++ if ($GLOBALS['TL_CONFIG']['disableAlias']) ++ { ++ $strConnector = '&'; ++ $strSeparator = '='; ++ } ++ else ++ { ++ $strConnector = '/'; ++ $strSeparator = '/'; ++ } ++ ++ // Compile the parameters string + foreach ($arrGet as $k=>$v) + { +- $strParams .= $GLOBALS['TL_CONFIG']['disableAlias'] ? '&' . $k . '=' . $v : '/' . $k . '/' . $v; ++ $strParams .= $strConnector . urlencode($k) . $strSeparator . urlencode($v); + } + + // Do not use aliases diff --git a/www/contao29/patches/patch-system_modules_frontend_ModuleArticlenav.php b/www/contao29/patches/patch-system_modules_frontend_ModuleArticlenav.php new file mode 100644 index 00000000000..8fe2a67d49a --- /dev/null +++ b/www/contao29/patches/patch-system_modules_frontend_ModuleArticlenav.php @@ -0,0 +1,15 @@ +$NetBSD: patch-system_modules_frontend_ModuleArticlenav.php,v 1.1 2011/10/10 16:35:11 taca Exp $ + +* Fix potential XSS vulnerability, r1044. + +--- system/modules/frontend/ModuleArticlenav.php.orig 2011-03-02 13:03:27.000000000 +0000 ++++ system/modules/frontend/ModuleArticlenav.php +@@ -93,7 +93,7 @@ class ModuleArticlenav extends Module + return ''; + } + +- $strAlias = (strlen($this->objArticles->alias) && !$GLOBALS['TL_CONFIG']['disableAlias']) ? $this->objArticles->alias : $this->objArticles->id; ++ $strAlias = ($this->objArticles->alias != '' && !$GLOBALS['TL_CONFIG']['disableAlias']) ? $this->objArticles->alias : $this->objArticles->id; + $this->redirect($this->addToUrl('articles=' . $strAlias)); + } + |