Diffstat (limited to 'www/php-concrete5')
-rw-r--r-- | www/php-concrete5/Makefile | 3 | ||||
-rw-r--r-- | www/php-concrete5/distinfo | 3 | ||||
-rw-r--r-- | www/php-concrete5/patches/patch-concrete_blocks_image_tools_crop__image.php | 16 |
3 files changed, 20 insertions, 2 deletions
diff --git a/www/php-concrete5/Makefile b/www/php-concrete5/Makefile
index 154f0731591..36ff1bc7361 100644
--- a/www/php-concrete5/Makefile
+++ b/www/php-concrete5/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.6 2012/12/24 01:35:19 ryoon Exp $
+# $NetBSD: Makefile,v 1.7 2012/12/24 04:39:57 ryoon Exp $
 #
 DISTNAME= concrete5.6.0.2
+PKGREVISION= 1
 PKGNAME= ${PHP_PKG_PREFIX}-${DISTNAME:S/concrete5/concrete5-5/}
 CATEGORIES= www
 MASTER_SITES= http://www.concrete5.org/download_file/-/view/44326/8497/
diff --git a/www/php-concrete5/distinfo b/www/php-concrete5/distinfo
index 46bb4214a21..0b6d7d7f911 100644
--- a/www/php-concrete5/distinfo
+++ b/www/php-concrete5/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.4 2012/12/06 14:52:02 ryoon Exp $
+$NetBSD: distinfo,v 1.5 2012/12/24 04:39:57 ryoon Exp $
 SHA1 (concrete5.6.0.2.zip) = 30f173bb1715e74c53fbb25d733d415d26d08409
 RMD160 (concrete5.6.0.2.zip) = 4909f0c471bccb4350971ce7e7adba44579d7aef
 Size (concrete5.6.0.2.zip) = 14443587 bytes
+SHA1 (patch-concrete_blocks_image_tools_crop__image.php) = f6413d48d67f9da05174067f563c187350c832e1
diff --git a/www/php-concrete5/patches/patch-concrete_blocks_image_tools_crop__image.php b/www/php-concrete5/patches/patch-concrete_blocks_image_tools_crop__image.php
new file mode 100644
index 00000000000..a5fade66c6f
--- /dev/null
+++ b/www/php-concrete5/patches/patch-concrete_blocks_image_tools_crop__image.php
@@ -0,0 +1,16 @@
+$NetBSD: patch-concrete_blocks_image_tools_crop__image.php,v 1.1 2012/12/24 04:39:58 ryoon Exp $
+
+fixing minor XSS in composer image cropper
+taken from https://github.com/concrete5japan/concrete5/commit/3ede1508bc2ca0f9365f25e8bf692dc8fc30780f
+Thank you, taca@.
+
+--- concrete/blocks/image/tools/crop_image.php.orig 2012-09-21 00:15:18.000000000 +0000
++++ concrete/blocks/image/tools/crop_image.php
+@@ -18,5 +18,5 @@ $save_url = $url->getBlockTypeToolsUrl($
+ <object type="application/x-shockwave-flash" data="<?php echo ASSETS_URL_FLASH?>/thumbnail_editor_3.swf" width="100%" height="500" id="ccm-image-composer-thumbnail-crop">
+ <param name="wmode" value="transparent">
+ <param name="quality" value="high">
+-<param name="flashvars" value="tint=0&backgroundColor=#FFFFFF&upload=true&webcam=false&width=<?php echo $_GET['width']?>&height=<?php echo $_GET['height']?>&image=<?php echo $f->getRelativePath()?>&save=<?php echo urlencode($save_url)?>">
++<param name="flashvars" value="tint=0&backgroundColor=#FFFFFF&upload=true&webcam=false&width=<?php echo htmlspecialchars($_GET['width'])?>&height=<?php echo htmlspecialchars($_GET['height'])?>&image=<?php echo $f->getRelativePath()?>&save=<?php echo urlencode($save_url)?>">
+ </object>
+\ No newline at end of file |
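Review bot: The added `flashvars` line still lets `width` and `height` append their own `name=value` pairs to the flashvars list: `htmlspecialchars()` only protects the `value="…"` attribute, and the browser decodes `&amp;` back to `&` before the string reaches the SWF. Both parameters are dimensions, so an integer cast is tighter and covers the HTML and the flashvars context at once: `width=<?php echo (int) $_GET['width']?>&height=<?php echo (int) $_GET['height']?>`. `$f->getRelativePath()` is still echoed raw on the same line; whether it can carry attacker-influenced characters is not visible here. The hunk starts at line 18 of `crop_image.php`, so any earlier validation of these parameters cannot be confirmed from this page.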