diff options
author | ryoon <ryoon> | 2011-12-26 19:05:32 +0000 |
---|---|---|
committer | ryoon <ryoon> | 2011-12-26 19:05:32 +0000 |
commit | 5d33637981ea8f7cf1295c496f045c8387a3a955 (patch) | |
tree | 39d34935753ceb9818fb894d1366c722349f370d /www/php-tiki6 | |
parent | 94e20d7939064f615b578eec0835917d079877fa (diff) | |
download | pkgsrc-5d33637981ea8f7cf1295c496f045c8387a3a955.tar.gz |
Fix security bug, http://dev.tiki.org/item4059, patch from upstream SVN.
Bump PKGREVISION.
Diffstat (limited to 'www/php-tiki6')
-rw-r--r-- | www/php-tiki6/Makefile | 4 | ||||
-rw-r--r-- | www/php-tiki6/distinfo | 5 | ||||
-rw-r--r-- | www/php-tiki6/patches/patch-lib_wiki-plugins_wikiplugin__snarf.php | 22 |
3 files changed, 28 insertions, 3 deletions
diff --git a/www/php-tiki6/Makefile b/www/php-tiki6/Makefile index 3f24c0d2218..f0caff982c5 100644 --- a/www/php-tiki6/Makefile +++ b/www/php-tiki6/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.6 2011/12/25 03:35:39 ryoon Exp $ +# $NetBSD: Makefile,v 1.7 2011/12/26 19:05:32 ryoon Exp $ # DISTNAME= tiki-6.5 PKGNAME= ${PHP_PKG_PREFIX}-${DISTNAME:S/tiki-/tiki6-/} +PKGREVISION= 1 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=tikiwiki/} EXTRACT_SUFX= .tar.bz2 @@ -35,6 +36,7 @@ FILES_SUBST+= WWWGRP=${APACHE_GROUP} WWWOWN=${APACHE_USER} \ do-install: ${RM} ${WRKSRC}/*orig + ${RM} ${WRKSRC}/lib/wiki-plugins/*orig cd ${WRKSRC} && sh setup.sh -u ${APACHE_USER} -g ${APACHE_GROUP} -n cd ${WRKSRC} && pax -rw -pmp * \ ${DESTDIR}${PREFIX}/${TIKIDIR} diff --git a/www/php-tiki6/distinfo b/www/php-tiki6/distinfo index c94d2d65315..d47e9c28fa4 100644 --- a/www/php-tiki6/distinfo +++ b/www/php-tiki6/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.2 2011/12/25 01:29:01 ryoon Exp $ +$NetBSD: distinfo,v 1.3 2011/12/26 19:05:32 ryoon Exp $ SHA1 (tiki-6.5.tar.bz2) = 645fd9c64e9ab998247749fcde90776359e07a69 RMD160 (tiki-6.5.tar.bz2) = b2e985c2884e40502b59532c950c075de90a613c Size (tiki-6.5.tar.bz2) = 18366043 bytes -SHA1 (patch-setup.sh) = b0e7c905700b97bdcb8b040679d477b4865fefc7 +SHA1 (patch-lib_wiki-plugins_wikiplugin__snarf.php) = cd34e0a5a031a91b304c16ac2fd2e5ec12dcc541 +SHA1 (patch-setup.sh) = 554104a64ab2b91e2b80a67702c2f5f19937e5b3 diff --git a/www/php-tiki6/patches/patch-lib_wiki-plugins_wikiplugin__snarf.php b/www/php-tiki6/patches/patch-lib_wiki-plugins_wikiplugin__snarf.php new file mode 100644 index 00000000000..8300cf5ef9e --- /dev/null +++ b/www/php-tiki6/patches/patch-lib_wiki-plugins_wikiplugin__snarf.php @@ -0,0 +1,22 @@ +$NetBSD: patch-lib_wiki-plugins_wikiplugin__snarf.php,v 1.1 2011/12/26 19:05:32 ryoon Exp $ + +* Fix security bug, http://dev.tiki.org/item4059 . + +--- lib/wiki-plugins/wikiplugin_snarf.php.orig 2011-07-14 22:36:39.000000000 +0000 ++++ lib/wiki-plugins/wikiplugin_snarf.php +@@ -178,8 +178,13 @@ function wikiplugin_snarf($data, $params + } + + // If the user specified a more specialized regex +- if ( isset($params['regex']) && isset($params['regexres']) && preg_match('/^(.)(.)+\1[^e]*$/', $params['regex']) ) { +- $snarf = preg_replace( $params['regex'], $params['regexres'], $snarf ); ++ if (isset($params['regex']) && isset($params['regexres'])) { ++ // fixes http://dev.tiki.org/item4059 ++ $params['regex'] = str_replace("\0", "", $params['regex']); ++ ++ if (preg_match('/^(.)(.)+\1[^e]*$/', $params['regex'])) { ++ $snarf = preg_replace($params['regex'], $params['regexres'], $snarf); ++ } + } + + if ( $data == '' ) $data = NULL; |