Diffstat (limited to 'www/php-concrete5')
-rw-r--r--www/php-concrete5/Makefile3
-rw-r--r--www/php-concrete5/distinfo3
-rw-r--r--www/php-concrete5/patches/patch-concrete_blocks_image_tools_crop__image.php16
3 files changed, 20 insertions, 2 deletions
diff --git a/www/php-concrete5/Makefile b/www/php-concrete5/Makefile
index 154f0731591..36ff1bc7361 100644
--- a/www/php-concrete5/Makefile
+++ b/www/php-concrete5/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.6 2012/12/24 01:35:19 ryoon Exp $
+# $NetBSD: Makefile,v 1.7 2012/12/24 04:39:57 ryoon Exp $
#
DISTNAME= concrete5.6.0.2
+PKGREVISION= 1
PKGNAME= ${PHP_PKG_PREFIX}-${DISTNAME:S/concrete5/concrete5-5/}
CATEGORIES= www
MASTER_SITES= http://www.concrete5.org/download_file/-/view/44326/8497/
diff --git a/www/php-concrete5/distinfo b/www/php-concrete5/distinfo
index 46bb4214a21..0b6d7d7f911 100644
--- a/www/php-concrete5/distinfo
+++ b/www/php-concrete5/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.4 2012/12/06 14:52:02 ryoon Exp $
+$NetBSD: distinfo,v 1.5 2012/12/24 04:39:57 ryoon Exp $
SHA1 (concrete5.6.0.2.zip) = 30f173bb1715e74c53fbb25d733d415d26d08409
RMD160 (concrete5.6.0.2.zip) = 4909f0c471bccb4350971ce7e7adba44579d7aef
Size (concrete5.6.0.2.zip) = 14443587 bytes
+SHA1 (patch-concrete_blocks_image_tools_crop__image.php) = f6413d48d67f9da05174067f563c187350c832e1
diff --git a/www/php-concrete5/patches/patch-concrete_blocks_image_tools_crop__image.php b/www/php-concrete5/patches/patch-concrete_blocks_image_tools_crop__image.php
new file mode 100644
index 00000000000..a5fade66c6f
--- /dev/null
+++ b/www/php-concrete5/patches/patch-concrete_blocks_image_tools_crop__image.php
@@ -0,0 +1,16 @@
+$NetBSD: patch-concrete_blocks_image_tools_crop__image.php,v 1.1 2012/12/24 04:39:58 ryoon Exp $
+
+fixing minor XSS in composer image cropper
+taken from https://github.com/concrete5japan/concrete5/commit/3ede1508bc2ca0f9365f25e8bf692dc8fc30780f
+Thank you, taca@.
+
+--- concrete/blocks/image/tools/crop_image.php.orig 2012-09-21 00:15:18.000000000 +0000
++++ concrete/blocks/image/tools/crop_image.php
+@@ -18,5 +18,5 @@ $save_url = $url->getBlockTypeToolsUrl($
+ <object type="application/x-shockwave-flash" data="<?php echo ASSETS_URL_FLASH?>/thumbnail_editor_3.swf" width="100%" height="500" id="ccm-image-composer-thumbnail-crop">
+ <param name="wmode" value="transparent">
+ <param name="quality" value="high">
+-<param name="flashvars" value="tint=0&amp;backgroundColor=#FFFFFF&amp;upload=true&amp;webcam=false&amp;width=<?php echo $_GET['width']?>&amp;height=<?php echo $_GET['height']?>&amp;image=<?php echo $f->getRelativePath()?>&amp;save=<?php echo urlencode($save_url)?>">
++<param name="flashvars" value="tint=0&amp;backgroundColor=#FFFFFF&amp;upload=true&amp;webcam=false&amp;width=<?php echo htmlspecialchars($_GET['width'])?>&amp;height=<?php echo htmlspecialchars($_GET['height'])?>&amp;image=<?php echo $f->getRelativePath()?>&amp;save=<?php echo urlencode($save_url)?>">
+ </object>
+\ No newline at end of file
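Review bot: On the new `flashvars` line, `htmlspecialchars()` keeps `width` and `height` from breaking out of the double-quoted attribute, but both values still land inside an `&`/`=`-delimited flashvars string. An `&` in the request is emitted as `&amp;`, which the browser decodes back to `&` before the value reaches the Flash object, so a request may still introduce extra flashvars keys next to `image` and `save`. If both parameters are meant to be pixel counts (that is how they read here; the Flash side is not visible), an integer cast is the tighter fix and also covers a missing parameter: `width=<?php echo (int) $_GET['width']?>&amp;height=<?php echo (int) $_GET['height']?>`. The same line prints `$f->getRelativePath()` with no encoding; whether that path can carry user-chosen characters cannot be told from this hunk, so it is worth checking and wrapping in `urlencode()` like `$save_url` if it can.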