path: root/databases/phpldapadmin/patches/patch-htdocs_export.php
Diffstat (limited to 'databases/phpldapadmin/patches/patch-htdocs_export.php')
-rw-r--r--databases/phpldapadmin/patches/patch-htdocs_export.php22
1 files changed, 22 insertions, 0 deletions
diff --git a/databases/phpldapadmin/patches/patch-htdocs_export.php b/databases/phpldapadmin/patches/patch-htdocs_export.php
new file mode 100644
index 00000000000..41b3a960ce6
--- /dev/null
+++ b/databases/phpldapadmin/patches/patch-htdocs_export.php
@@ -0,0 +1,22 @@
+$NetBSD: patch-htdocs_export.php,v 1.1 2013/01/21 12:43:23 taca Exp $
+
+* Fix XSS for CVE-2012-1114/CVE-2012-1115 from repository,
+ 74434e5ca3fb66018fad60766f833f15689fcbfc.
+
+--- htdocs/export.php.orig 2011-10-27 02:07:09.000000000 +0000
++++ htdocs/export.php
+@@ -29,12 +29,12 @@ if ($request['file']) {
+
+ header('Content-type: application/download');
+ header(sprintf('Content-Disposition: inline; filename="%s.%s"','export',$types['extension'].($request['export']->isCompressed() ? '.gz' : '')));
+- $request['export']->export();
++ echo $request['export']->export();
+ die();
+
+ } else {
+ print '<span style="font-size: 14px; font-family: courier;"><pre>';
+- $request['export']->export();
++ echo htmlspecialchars($request['export']->export());
+ print '</pre></span>';
+ }
+ ?>
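Review bot: The escaping added on the `echo htmlspecialchars($request['export']->export());` line only takes effect if `export()` now returns its LDIF/CSV text instead of printing it; the original lines being replaced called `export()` as a bare statement, which suggests the export classes wrote output themselves, and this patch touches only htdocs/export.php. If the companion change to the export classes (upstream commit 74434e5 likely also edits lib/export_functions.php) is not carried as a separate pkgsrc patch, the unescaped payload would still be printed by `export()` before `htmlspecialchars('')` runs and the CVE would remain open — please confirm that patch is present. Separately, `htmlspecialchars()` is called with no flags or charset, so its behaviour depends on the PHP version the package targets (default charset was ISO-8859-1 before 5.4, and an invalid byte sequence in an exported attribute makes the call return an empty string with no error); pinning it as `echo htmlspecialchars($request['export']->export(), ENT_QUOTES, 'UTF-8');` makes the preview deterministic across PHP versions. The enclosing `if ($request['file'])` block begins before the inner hunk, so the setup of `$request['export']` is not visible here.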