Wed Jul 28 16:28:51 2010 UTC ()
Add two patches from Contao repository:
* Fix possible XSS problem on frontend module.
* Fix preview problem when URL rewriting is enabled.
Bump PKGREVISION.
(taca)
diff -r1.3 -r1.4 pkgsrc/www/contao29/Makefile
diff -r1.1.1.1 -r1.2 pkgsrc/www/contao29/distinfo
diff -r0 -r1.1 pkgsrc/www/contao29/patches/patch-aa
diff -r0 -r1.1 pkgsrc/www/contao29/patches/patch-ab
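--- a/pkgsrc/www/contao29/Attic/Makefile
+++ b/pkgsrc/www/contao29/Attic/Makefile
@@ -1,19 +1,19 @@
-# $NetBSD: Makefile,v 1.3 2010/07/22 14:04:49 taca Exp $
+# $NetBSD: Makefile,v 1.4 2010/07/28 16:28:51 taca Exp $
 #
 
 DISTNAME= contao-${CT_VERSION}
 PKGNAME= contao${CT_VER}-${CT_PKGVER}
-PKGREVISION= 2
+PKGREVISION= 3
 CATEGORIES= www
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=typolight/}
 
 MAINTAINER= taca@NetBSD.org
 HOMEPAGE= http://www.contao.org/
 COMMENT= Contao Open Source CMS
 LICENSE= gnu-lgpl-v3
 
 DEPENDS+= ${PHP_PKG_PREFIX}-gd>=5.2.0:../../graphics/php-gd
 DEPENDS+= ${PHP_PKG_PREFIX}-mbstring>=5.2.0:../../converters/php-mbstring
 DEPENDS+= ${PHP_PKG_PREFIX}-mysql>=5.2.0:../../databases/php-mysql
 DEPENDS+= ${PHP_PKG_PREFIX}-mcrypt>=5.2.0:../../security/php-mcrypt
 DEPENDS+= ${PHP_PKG_PREFIX}-soap>=5.2.0:../../net/php-soap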
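--- a/pkgsrc/www/contao29/Attic/distinfo
+++ b/pkgsrc/www/contao29/Attic/distinfo
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.1.1.1 2010/07/05 14:45:22 taca Exp $
+$NetBSD: distinfo,v 1.2 2010/07/28 16:28:51 taca Exp $
 
 SHA1 (contao-2.9.0.tar.gz) = 9635d7d9251e4dfe965392ed2b2cc1f2a55f8cf9
 RMD160 (contao-2.9.0.tar.gz) = cbe78ac77e2222c8d6571d9a67a25c796e60b89e
 Size (contao-2.9.0.tar.gz) = 4335596 bytes
+SHA1 (patch-aa) = d49fa25b1549764f95d0354b10a80cf31de6ec19
+SHA1 (patch-ab) = 207ce919bb6fa7148108f8bd075d3a7d7ad1eeb9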
$NetBSD: patch-aa,v 1.1 2010/07/28 16:28:51 taca Exp $
Fix preview problem when URL rewriting is enabled from repository, r513.
--- contao/main.php.orig 2010-06-04 11:45:49.000000000 +0000
+++ contao/main.php
@@ -235,53 +235,57 @@ class Main extends Backend
$this->Template->be27 = !$GLOBALS['TL_CONFIG']['oldBeTheme'];
$this->Template->home = $GLOBALS['TL_LANG']['MSC']['home'];
$this->Template->backToTop = $GLOBALS['TL_LANG']['MSC']['backToTop'];
+ $this->Template->frontendFile = $GLOBALS['TL_CONFIG']['rewriteURL'] ? '' : 'index.php';
- $this->Template->frontendFile = 'index.php';
-
- // Preview pages
- if ($this->Input->get('do') == 'page' && strlen(CURRENT_ID))
+ // Front end preview links
+ if (CURRENT_ID != '')
{
- $objPreview = $this->Database->prepare("SELECT id, alias FROM tl_page WHERE id=?")
- ->limit(1)
- ->execute(CURRENT_ID);
-
- if ($objPreview->numRows)
+ // Pages
+ if ($this->Input->get('do') == 'page')
{
- if ($GLOBALS['TL_CONFIG']['disableAlias'])
- {
- $this->Template->frontendFile = 'index.php?id=' . $objPreview->id;
- }
- else
+ $objPreview = $this->Database->prepare("SELECT id, alias FROM tl_page WHERE id=?")
+ ->limit(1)
+ ->execute(CURRENT_ID);
+
+ if ($objPreview->numRows)
{
- $this->Template->frontendFile = 'index.php/' . (strlen($objPreview->alias) ? $objPreview->alias : $objPreview->id) . $GLOBALS['TL_CONFIG']['urlSuffix'];
+ if ($GLOBALS['TL_CONFIG']['disableAlias'])
+ {
+ $this->Template->frontendFile .= '?id=' . $objPreview->id;
+ }
+ else
+ {
+ $this->Template->frontendFile .= ($GLOBALS['TL_CONFIG']['rewriteURL'] ? '' : '/') . (($objPreview->alias != '') ? $objPreview->alias : $objPreview->id) . $GLOBALS['TL_CONFIG']['urlSuffix'];
+ }
}
}
- }
-
- // Preview article
- if ($this->Input->get('do') == 'article' && strlen(CURRENT_ID))
- {
- $objPreview = $this->Database->prepare("SELECT p.id AS pid, p.alias AS palias, a.id AS aid, a.alias AS aalias, a.inColumn AS acolumn FROM tl_article a, tl_page p WHERE a.id=? AND a.pid=p.id")
- ->limit(1)
- ->execute(CURRENT_ID);
-
- if ($objPreview->numRows)
+ // Articles
+ elseif ($this->Input->get('do') == 'article')
{
- $strColumn = '';
+ $objPreview = $this->Database->prepare("SELECT p.id AS pid, p.alias AS palias, a.id AS aid, a.alias AS aalias, a.inColumn AS acolumn FROM tl_article a, tl_page p WHERE a.id=? AND a.pid=p.id")
+ ->limit(1)
+ ->execute(CURRENT_ID);
- if ($objPreview->acolumn != 'main')
+ if ($objPreview->numRows)
{
- $strColumn = $objPreview->acolumn . ':';
- }
+ $strColumn = '';
- if ($GLOBALS['TL_CONFIG']['disableAlias'])
- {
- $this->Template->frontendFile = 'index.php?id=' . $objPreview->pid . '&articles=' . $strColumn . $objPreview->aid;
- }
- else
- {
- $this->Template->frontendFile = 'index.php/' . (strlen($objPreview->palias) ? $objPreview->palias : $objPreview->pid) . '/articles/' . $strColumn . (strlen($objPreview->aalias) ? $objPreview->aalias : $objPreview->aid) . $GLOBALS['TL_CONFIG']['urlSuffix'];
+ if ($objPreview->acolumn != 'main')
+ {
+ $strColumn = $objPreview->acolumn . ':';
+ }
+
+ if ($GLOBALS['TL_CONFIG']['disableAlias'])
+ {
+ $this->Template->frontendFile .= '?id=' . $objPreview->pid . '&articles=' . $strColumn . $objPreview->aid;
+ }
+ else
+ {
+ $this->Template->frontendFile .= ($GLOBALS['TL_CONFIG']['rewriteURL'] ? '' : '/') . (($objPreview->palias != '') ? $objPreview->palias : $objPreview->pid) . '/articles/' . $strColumn . (($objPreview->aalias != '') ? $objPreview->aalias : $objPreview->aid) . $GLOBALS['TL_CONFIG']['urlSuffix'];
+ }
}
+
+ $this->Template->frontendFile = str_replace(array('?', '&', '='), array('%3F', '%26', '%3D'), $this->Template->frontendFile);
}
}
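Review bot: The closing `str_replace(array('?', '&', '='), array('%3F', '%26', '%3D'), ...)` on `frontendFile` percent-encodes only three characters, so any other reserved character that reaches the string from `alias`, `palias`, `aalias` or `acolumn` (for example `#`, `%`, `+`, a space or a quote) is passed through as-is. If the value is consumed as a single query-string parameter of the preview URL, which this hunk does not show, `$this->Template->frontendFile = rawurlencode($this->Template->frontendFile);` covers the full reserved set; note that it also encodes `/`, so confirm the consumer decodes the parameter before relying on it. Independently of the URL encoding, the template that prints `frontendFile` into an attribute should apply `htmlspecialchars()` at output time. The enclosing method starts before the hunk, so the template side could not be checked here.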
$NetBSD: patch-ab,v 1.1 2010/07/28 16:28:51 taca Exp $
Fix for CSS from repository, r507.
--- system/modules/frontend/Frontend.php.orig 2010-04-19 10:22:31.000000000 +0000
+++ system/modules/frontend/Frontend.php
@@ -166,8 +166,16 @@ abstract class Frontend extends Controll
protected function addToUrl($strRequest, $blnIgnoreParams=false)
{
$arrGet = $blnIgnoreParams ? array() : $_GET;
+
+ // Clean the $_GET values (thanks to thyon)
+ foreach (array_keys($arrGet) as $key)
+ {
+ $arrGet[$key] = $this->Input->get($key, true);
+ }
+
$arrFragments = preg_split('/&(amp;)?/i', $strRequest);
+ // Merge the new request string
foreach ($arrFragments as $strFragment)
{
list($key, $value) = explode('=', $strFragment);
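Review bot: The added loop cleans only the values copied from `$_GET`; the parameter names returned by `array_keys($arrGet)` are kept verbatim, so if the remainder of `addToUrl()` (which continues outside this hunk) writes the keys into the generated URL, a crafted parameter name would presumably still be reflected into the page. Consider rejecting unexpected names inside the same loop, e.g. `if (!preg_match('/^[A-Za-z0-9_\-]+$/', $key)) { unset($arrGet[$key]); continue; }`, or encoding keys as well as values where the query string is assembled. A one-line comment stating what the second argument `true` of `$this->Input->get($key, true)` selects would also help, since the cleaning this fix depends on is not visible in the hunk.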