diff options
author | taca <taca@pkgsrc.org> | 2009-09-13 01:15:10 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2009-09-13 01:15:10 +0000 |
commit | 3dca347fc28d6cffdcde5f8c64dc16460f589bab (patch) | |
tree | ea501bcf55e6048dd50d14bb9f77610ab2a39a4b /www/geeklog/patches/patch-ak | |
parent | bb88bf0455b4b69f05038913b3b844fd2b0155b5 (diff) | |
download | pkgsrc-3dca347fc28d6cffdcde5f8c64dc16460f589bab.tar.gz |
Update Geeklog 1.5.2sr5 by adding patches since 1.5.2sr5 isn't provided
as full release.
And add updated fckeditor for Geeklog.
These updates should fix known security problems, Secunia SA36372.
Jul 30, 2009 (1.5.2sr5)
------------
This release addresses the following security issues:
- Gerendi Sandor Attila reported an XSS in the forms to email a user and to
email a story to a friend.
- The "Mail Story to a Friend" function didn't check story permissions, so that
it was possible to email a story even if you didn't have the permissions to
view it on the site.
Diffstat (limited to 'www/geeklog/patches/patch-ak')
-rw-r--r-- | www/geeklog/patches/patch-ak | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/www/geeklog/patches/patch-ak b/www/geeklog/patches/patch-ak new file mode 100644 index 00000000000..a3757819cd9 --- /dev/null +++ b/www/geeklog/patches/patch-ak @@ -0,0 +1,14 @@ +$NetBSD: patch-ak,v 1.1 2009/09/13 01:15:11 taca Exp $ + +* Send correct charset parameter. + +--- public_html/admin/install/configinfo.php.orig 2008-05-11 16:25:08.000000000 +0900 ++++ public_html/admin/install/configinfo.php +@@ -92,6 +92,7 @@ foreach ($_CONF as $option => $value) { + } + $display .= "</table>\n</body>\n</html>"; + ++header('Content-Type: text/html; charset=' . COM_getCharset()); + echo $display; + + ?> |