author | taca <taca> | 2011-10-07 12:28:11 +0000 |
---|---|---|
committer | taca <taca> | 2011-10-07 12:28:11 +0000 |
commit | 65fee354276624b6bcedc970a0738eba6dade400 (patch) | |
tree | aac176d12d6bb1246517d3d6e1f71368043be767 /www/contao29 | |
parent | 8b4be53965c602976ccd0f1cc60dc029e2475384 (diff) | |
download | pkgsrc-65fee354276624b6bcedc970a0738eba6dade400.tar.gz |
Add a patch based on r1041 from the Contao repository to fix a potential
XSS vulnerability.
Bump PKGREVISION.
Diffstat (limited to 'www/contao29')
-rw-r--r-- | www/contao29/Makefile | 4 | ||||
-rw-r--r-- | www/contao29/distinfo | 3 | ||||
-rw-r--r-- | www/contao29/patches/patch-system_modules_frontend_Frontend.php | 34 |
3 files changed, 38 insertions, 3 deletions
diff --git a/www/contao29/Makefile b/www/contao29/Makefile
index 5c60db421b7..76fef2b22e3 100644
--- a/www/contao29/Makefile
+++ b/www/contao29/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.16 2011/09/16 05:46:25 obache Exp $
+# $NetBSD: Makefile,v 1.17 2011/10/07 12:28:55 taca Exp $
 #
 DISTNAME= contao-${CT_VERSION}
 PKGNAME= contao${CT_VER}-${CT_PKGVER}
-PKGREVISION= 3
+PKGREVISION= 4
 CATEGORIES= www
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=typolight/}
diff --git a/www/contao29/distinfo b/www/contao29/distinfo
index 563544003e3..0113807f7c0 100644
--- a/www/contao29/distinfo
+++ b/www/contao29/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.9 2011/05/18 13:25:17 taca Exp $
+$NetBSD: distinfo,v 1.10 2011/10/07 12:28:55 taca Exp $
 SHA1 (contao-2.9.5.tar.gz) = 93c1fb67a396f057eb700ec181aaed839c10cb1d
 RMD160 (contao-2.9.5.tar.gz) = 0a7229382d50f1d08dd05c10274d08b0bdb1b12c
 Size (contao-2.9.5.tar.gz) = 4594817 bytes
+SHA1 (patch-system_modules_frontend_Frontend.php) = 01d545003a265620f7749dffcca15e87bd4b8297
diff --git a/www/contao29/patches/patch-system_modules_frontend_Frontend.php b/www/contao29/patches/patch-system_modules_frontend_Frontend.php
new file mode 100644
index 00000000000..aacc171583b
--- /dev/null
+++ b/www/contao29/patches/patch-system_modules_frontend_Frontend.php
@@ -0,0 +1,34 @@
+$NetBSD: patch-system_modules_frontend_Frontend.php,v 1.1 2011/10/07 12:28:55 taca Exp $
+
+* Fix potential XSS vulnerability, r1041.
+
+--- system/modules/frontend/Frontend.php.orig 2011-03-02 13:03:27.000000000 +0000
++++ system/modules/frontend/Frontend.php
+@@ -80,7 +80,7 @@ abstract class Frontend extends Controll
+ return is_numeric($this->Input->get('id')) ? $this->Input->get('id') : null;
+ }
+
+- if (!strlen($this->Environment->request))
++ if ($this->Environment->request == '')
+ {
+ return null;
+ }
+@@ -106,13 +106,15 @@ abstract class Frontend extends Controll
+ }
+ }
+
+- // Add fragments to $_GET array
++ // DO NOT USE urldecode() HERE (XSS vulnerability)!
++
++ // Add the fragments to the $_GET array
+ for ($i=1; $i<count($arrFragments); $i+=2)
+ {
+- $_GET[urldecode($arrFragments[$i])] = urldecode($arrFragments[$i+1]);
++ $_GET[$arrFragments[$i]] = $arrFragments[$i+1];
+ }
+
+- return strlen($arrFragments[0]) ? urldecode($arrFragments[0]) : null;
++ return ($arrFragments[0] != '') ? $arrFragments[0] : null;
+ }
+
+
|
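Review bot: In the second inner hunk of Frontend.php, the new line `$_GET[$arrFragments[$i]] = $arrFragments[$i+1];` reads `$arrFragments[$i+1]` while the loop only checks `$i<count($arrFragments)`, so a request path that ends on a key with no value indexes past the array. With `urldecode()` removed, the stored value in that case is null rather than an empty string. Unless code outside the hunk guarantees complete key/value pairs, bound the loop as `for ($i=1; $i+1<count($arrFragments); $i+=2)`. The added comment forbids `urldecode()` without giving the reason; a line such as `// Fragments are request-controlled and are stored undecoded; decoding here again would reintroduce the XSS fixed in r1041` (wording to be confirmed against the upstream change) would keep a later maintainer from restoring the call. The enclosing function starts and ends outside the hunk.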