diff options
| author | taca <taca@pkgsrc.org> | 2008-09-09 14:34:13 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2008-09-09 14:34:13 +0000 |
| commit | 87755c333b4d7fc2d396f7894b62d77f7673ecb8 (patch) | |
| tree | 8d1afafe255f6acc626814b5961351e921abeb2b /www/geeklog | |
| parent | b4b6ad587d529c230a12438f6e8712ef6fd80193 (diff) | |
| download | pkgsrc-87755c333b4d7fc2d396f7894b62d77f7673ecb8.tar.gz | |
Add security fix of FCKeditor.
http://www.geeklog.net/article.php/file-uploads
Bump PKGREVISION.
Diffstat (limited to 'www/geeklog')
| -rw-r--r-- | www/geeklog/Makefile | 4 | ||||
| -rw-r--r-- | www/geeklog/distinfo | 3 | ||||
| -rw-r--r-- | www/geeklog/patches/patch-ai | 17 |
3 files changed, 21 insertions, 3 deletions
diff --git a/www/geeklog/Makefile b/www/geeklog/Makefile index 51212ff474a..dc5327105d7 100644 --- a/www/geeklog/Makefile +++ b/www/geeklog/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.19 2008/06/20 01:09:41 joerg Exp $ +# $NetBSD: Makefile,v 1.20 2008/09/09 14:34:13 taca Exp $ # DISTNAME= geeklog-${VER} PKGNAME= geeklog-${VER:C/(sr|-)/./g} -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= www MASTER_SITES= http://www.geeklog.net/filemgmt/upload_dir/ diff --git a/www/geeklog/distinfo b/www/geeklog/distinfo index 380ba850799..e0c25fbefaa 100644 --- a/www/geeklog/distinfo +++ b/www/geeklog/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.7 2008/06/19 14:08:42 taca Exp $ +$NetBSD: distinfo,v 1.8 2008/09/09 14:34:13 taca Exp $ SHA1 (geeklog-1.4.1.tar.gz) = c323c29b523598b97d7e0957435c0ec0c31cb290 RMD160 (geeklog-1.4.1.tar.gz) = bfac9946b34d0254fedd3a54cf742b044d347a3c @@ -8,3 +8,4 @@ SHA1 (patch-ab) = 3cbc5f3845eaaf78c349e1bc82e8e792627a12db SHA1 (patch-ac) = e5523aab7a13f014ecb961a53f8d962115c4d7b4 SHA1 (patch-ag) = 207ef0801d865ff16d2a99f0732ea0cb49ce2ad5 SHA1 (patch-ah) = 376e1208f0ec332e9da243a9a475d5569158d6d3 +SHA1 (patch-ai) = eff7c257032feb8fcfd81a44f560e5e747d41610 diff --git a/www/geeklog/patches/patch-ai b/www/geeklog/patches/patch-ai new file mode 100644 index 00000000000..5e6153230e5 --- /dev/null +++ b/www/geeklog/patches/patch-ai @@ -0,0 +1,17 @@ +$NetBSD: patch-ai,v 1.1 2008/09/09 14:34:13 taca Exp $ + +Security fix for FCKeditor uploading files. + +--- public_html/fckeditor/editor/filemanager/upload/php/upload.php.orig 2006-06-18 06:25:36.000000000 +0900 ++++ public_html/fckeditor/editor/filemanager/upload/php/upload.php +@@ -18,6 +18,10 @@ + * Frederico Caldeira Knabben (fredck@fckeditor.net) + */ + ++if (strpos($_SERVER['PHP_SELF'], 'upload.php') !== false) { ++ die('This file can not be used on its own!'); ++} ++ + require('config.php') ; + require('util.php') ; + |