Add a patch based r1041 from the repository of Contao to fix potential XSS vulnerability. Bump PKGREVISION.diff -r1.2 -r1.3 pkgsrc/www/typolight28/DESCR
(taca)
| @@ -22,16 +22,13 @@ contemporary websites without being a pr | @@ -22,16 +22,13 @@ contemporary websites without being a pr | |||
| 22 | * Powerful site structure | 22 | * Powerful site structure | |
| 23 | * Fine-grained permission system | 23 | * Fine-grained permission system | |
| 24 | * Flexible form generator | 24 | * Flexible form generator | |
| 25 | * Full-text search engine | 25 | * Full-text search engine | |
| 26 | * Built-in CSS framework | 26 | * Built-in CSS framework | |
| 27 | * Built-in file manager | 27 | * Built-in file manager | |
| 28 | * Built-in news/blog module | 28 | * Built-in news/blog module | |
| 29 | * Built-in calendar module | 29 | * Built-in calendar module | |
| 30 | * Built-in newsletter module | 30 | * Built-in newsletter module | |
| 31 | * Wide choice of additional modules | 31 | * Wide choice of additional modules | |
| 32 | * Accessible front and back end | 32 | * Accessible front and back end | |
| 33 | * Easy live update | 33 | * Easy live update | |
| 34 | * Ajax and PHP 5 | 34 | * Ajax and PHP 5 | |
| 35 | ||||
| 36 | Note: Live update feature would work with typolight-liveupdate PKG_OPTION | |||
| 37 | enabled, but it might be conflict with regular pkgsrc maintainous. |
| @@ -1,19 +1,19 @@ | @@ -1,19 +1,19 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.14 2011/09/16 05:46:27 obache Exp $ | 1 | # $NetBSD: Makefile,v 1.15 2011/10/07 12:29:41 taca Exp $ | |
| 2 | # | 2 | # | |
| 3 | 3 | |||
| 4 | DISTNAME= typolight-${TL_VERSION} | 4 | DISTNAME= typolight-${TL_VERSION} | |
| 5 | PKGNAME= typolight${TL_VER}-${TL_PKGVER} | 5 | PKGNAME= typolight${TL_VER}-${TL_PKGVER} | |
| 6 | PKGREVISION= 4 | 6 | PKGREVISION= 5 | |
| 7 | CATEGORIES= www | 7 | CATEGORIES= www | |
| 8 | MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=typolight/} | 8 | MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=typolight/} | |
| 9 | 9 | |||
| 10 | MAINTAINER= taca@NetBSD.org | 10 | MAINTAINER= taca@NetBSD.org | |
| 11 | HOMEPAGE= http://www.contao.org/ | 11 | HOMEPAGE= http://www.contao.org/ | |
| 12 | COMMENT= Powerful web content management system (CMS) | 12 | COMMENT= Powerful web content management system (CMS) | |
| 13 | LICENSE= gnu-lgpl-v3 | 13 | LICENSE= gnu-lgpl-v3 | |
| 14 | 14 | |||
| 15 | DEPENDS+= ${PHP_PKG_PREFIX}-gd>=5.2.0:../../graphics/php-gd | 15 | DEPENDS+= ${PHP_PKG_PREFIX}-gd>=5.2.0:../../graphics/php-gd | |
| 16 | DEPENDS+= ${PHP_PKG_PREFIX}-mbstring>=5.2.0:../../converters/php-mbstring | 16 | DEPENDS+= ${PHP_PKG_PREFIX}-mbstring>=5.2.0:../../converters/php-mbstring | |
| 17 | DEPENDS+= ${PHP_PKG_PREFIX}-mysql>=5.2.0:../../databases/php-mysql | 17 | DEPENDS+= ${PHP_PKG_PREFIX}-mysql>=5.2.0:../../databases/php-mysql | |
| 18 | DEPENDS+= ${PHP_PKG_PREFIX}-mcrypt>=5.2.0:../../security/php-mcrypt | 18 | DEPENDS+= ${PHP_PKG_PREFIX}-mcrypt>=5.2.0:../../security/php-mcrypt | |
| 19 | DEPENDS+= ${PHP_PKG_PREFIX}-soap>=5.2.0:../../net/php-soap | 19 | DEPENDS+= ${PHP_PKG_PREFIX}-soap>=5.2.0:../../net/php-soap |
| @@ -1,8 +1,8 @@ | @@ -1,8 +1,8 @@ | |||
| 1 | $NetBSD: distinfo,v 1.10 2011/01/06 14:23:41 taca Exp $ | 1 | $NetBSD: distinfo,v 1.11 2011/10/07 12:29:41 taca Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (typolight-2.8.4.tar.gz) = d18d684a06f5dd29ffc6a28d08143feb613cd47b | 3 | SHA1 (typolight-2.8.4.tar.gz) = d18d684a06f5dd29ffc6a28d08143feb613cd47b | |
| 4 | RMD160 (typolight-2.8.4.tar.gz) = ad82d00e3b7ec4e604640779fec841fcfc65f75c | 4 | RMD160 (typolight-2.8.4.tar.gz) = ad82d00e3b7ec4e604640779fec841fcfc65f75c | |
| 5 | Size (typolight-2.8.4.tar.gz) = 4097946 bytes | 5 | Size (typolight-2.8.4.tar.gz) = 4097946 bytes | |
| 6 | SHA1 (patch-ad) = 207ce919bb6fa7148108f8bd075d3a7d7ad1eeb9 | 6 | SHA1 (patch-ad) = ee5524db7764c9c5ede3affcb99ed0f8864d522e | |
| 7 | SHA1 (patch-ae) = eed6db905809b3782acb8324799de6bc8d4e855b | 7 | SHA1 (patch-ae) = eed6db905809b3782acb8324799de6bc8d4e855b | |
| 8 | SHA1 (patch-af) = 868309cff4ba1855a96745c578737878f8d118d5 | 8 | SHA1 (patch-af) = 868309cff4ba1855a96745c578737878f8d118d5 |
| @@ -1,20 +1,49 @@ | @@ -1,20 +1,49 @@ | |||
| 1 | $NetBSD: patch-ad,v 1.1 2010/07/28 16:24:20 taca Exp $ | 1 | $NetBSD: patch-ad,v 1.2 2011/10/07 12:29:42 taca Exp $ | |
| 2 | 2 | |||
| 3 | Fix for CSS from repository, r507. | 3 | * Fix for CSS from repository, r507. | |
| 4 | * Fix potential XSS vulnerability, r1041. | |||
| 4 | 5 | |||
| 5 | --- system/modules/frontend/Frontend.php.orig 2010-04-19 10:22:31.000000000 +0000 | 6 | --- system/modules/frontend/Frontend.php.orig 2010-04-19 10:22:31.000000000 +0000 | |
| 6 | +++ system/modules/frontend/Frontend.php | 7 | +++ system/modules/frontend/Frontend.php | |
| 7 | @@ -166,8 +166,16 @@ abstract class Frontend extends Controll | 8 | @@ -78,7 +78,7 @@ abstract class Frontend extends Controll | |
| 9 | return is_numeric($this->Input->get('id')) ? $this->Input->get('id') : null; | |||
| 10 | } | |||
| 11 | ||||
| 12 | - if (!strlen($this->Environment->request)) | |||
| 13 | + if ($this->Environment->request == '') | |||
| 14 | { | |||
| 15 | return null; | |||
| 16 | } | |||
| 17 | @@ -104,13 +104,15 @@ abstract class Frontend extends Controll | |||
| 18 | } | |||
| 19 | } | |||
| 20 | ||||
| 21 | - // Add fragments to $_GET array | |||
| 22 | + // DO NOT USE urldecode() HERE (XSS vulnerability)! | |||
| 23 | + | |||
| 24 | + // Add the fragments to the $_GET array | |||
| 25 | for ($i=1; $i<count($arrFragments); $i+=2) | |||
| 26 | { | |||
| 27 | - $_GET[urldecode($arrFragments[$i])] = urldecode($arrFragments[$i+1]); | |||
| 28 | + $_GET[$arrFragments[$i]] = $arrFragments[$i+1]; | |||
| 29 | } | |||
| 30 | ||||
| 31 | - return strlen($arrFragments[0]) ? urldecode($arrFragments[0]) : null; | |||
| 32 | + return ($arrFragments[0] != '') ? $arrFragments[0] : null; | |||
| 33 | } | |||
| 34 | ||||
| 35 | ||||
| 36 | @@ -166,8 +168,16 @@ abstract class Frontend extends Controll | |||
| 8 | protected function addToUrl($strRequest, $blnIgnoreParams=false) | 37 | protected function addToUrl($strRequest, $blnIgnoreParams=false) | |
| 9 | { | 38 | { | |
| 10 | $arrGet = $blnIgnoreParams ? array() : $_GET; | 39 | $arrGet = $blnIgnoreParams ? array() : $_GET; | |
| 11 | + | 40 | + | |
| 12 | + // Clean the $_GET values (thanks to thyon) | 41 | + // Clean the $_GET values (thanks to thyon) | |
| 13 | + foreach (array_keys($arrGet) as $key) | 42 | + foreach (array_keys($arrGet) as $key) | |
| 14 | + { | 43 | + { | |
| 15 | + $arrGet[$key] = $this->Input->get($key, true); | 44 | + $arrGet[$key] = $this->Input->get($key, true); | |
| 16 | + } | 45 | + } | |
| 17 | + | 46 | + | |
| 18 | $arrFragments = preg_split('/&(amp;)?/i', $strRequest); | 47 | $arrFragments = preg_split('/&(amp;)?/i', $strRequest); | |
| 19 | 48 | |||
| 20 | + // Merge the new request string | 49 | + // Merge the new request string |