Mon Oct 10 16:35:36 2011 UTC ()
Add update patche to fix XSS from Contao's repository.
Bump PKGREVISION.
(taca)
diff -r1.15 -r1.16 pkgsrc/www/typolight28/Makefile
diff -r1.11 -r1.12 pkgsrc/www/typolight28/distinfo
diff -r1.2 -r1.3 pkgsrc/www/typolight28/patches/patch-ad
diff -r0 -r1.1 pkgsrc/www/typolight28/patches/patch-system_libraries_Input.php
diff -r0 -r1.1 pkgsrc/www/typolight28/patches/patch-system_modules_frontend_ModuleArticlenav.php
--- pkgsrc/www/typolight28/Attic/Makefile 2011/10/07 12:29:41 1.15
+++ pkgsrc/www/typolight28/Attic/Makefile 2011/10/10 16:35:36 1.16
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.15 2011/10/07 12:29:41 taca Exp $
+# $NetBSD: Makefile,v 1.16 2011/10/10 16:35:36 taca Exp $
#
DISTNAME= typolight-${TL_VERSION}
PKGNAME= typolight${TL_VER}-${TL_PKGVER}
-PKGREVISION= 5
+PKGREVISION= 6
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=typolight/}
--- pkgsrc/www/typolight28/Attic/distinfo 2011/10/07 12:29:41 1.11
+++ pkgsrc/www/typolight28/Attic/distinfo 2011/10/10 16:35:36 1.12
@@ -1,8 +1,10 @@
-$NetBSD: distinfo,v 1.11 2011/10/07 12:29:41 taca Exp $
+$NetBSD: distinfo,v 1.12 2011/10/10 16:35:36 taca Exp $
SHA1 (typolight-2.8.4.tar.gz) = d18d684a06f5dd29ffc6a28d08143feb613cd47b
RMD160 (typolight-2.8.4.tar.gz) = ad82d00e3b7ec4e604640779fec841fcfc65f75c
Size (typolight-2.8.4.tar.gz) = 4097946 bytes
-SHA1 (patch-ad) = ee5524db7764c9c5ede3affcb99ed0f8864d522e
+SHA1 (patch-ad) = 0654ac44d13f69ca4823a8aec27752244de6181f
SHA1 (patch-ae) = eed6db905809b3782acb8324799de6bc8d4e855b
SHA1 (patch-af) = 868309cff4ba1855a96745c578737878f8d118d5
+SHA1 (patch-system_libraries_Input.php) = 4a3e9409d6916a6637e12f646e33268f3067ec99
+SHA1 (patch-system_modules_frontend_ModuleArticlenav.php) = df4d8a8579e010794c3a62c5f458037ea53cc397
--- pkgsrc/www/typolight28/patches/Attic/patch-ad 2011/10/07 12:29:42 1.2
+++ pkgsrc/www/typolight28/patches/Attic/patch-ad 2011/10/10 16:35:36 1.3
@@ -1,11 +1,11 @@
-$NetBSD: patch-ad,v 1.2 2011/10/07 12:29:42 taca Exp $
+$NetBSD: patch-ad,v 1.3 2011/10/10 16:35:36 taca Exp $
* Fix for CSS from repository, r507.
-* Fix potential XSS vulnerability, r1041.
+* Fix potential XSS vulnerability, r1041 and r1044.
--- system/modules/frontend/Frontend.php.orig 2010-04-19 10:22:31.000000000 +0000
+++ system/modules/frontend/Frontend.php
-@@ -78,7 +78,7 @@ abstract class Frontend extends Controll
+@@ -78,14 +78,13 @@ abstract class Frontend extends Controll
return is_numeric($this->Input->get('id')) ? $this->Input->get('id') : null;
}
@@ -14,18 +14,25 @@
{
return null;
}
-@@ -104,13 +104,15 @@ abstract class Frontend extends Controll
+
+ $strRequest = preg_replace('/\?.*$/i', '', $this->Environment->request);
+ $strRequest = preg_replace('/' . preg_quote($GLOBALS['TL_CONFIG']['urlSuffix'], '/') . '$/i', '', $strRequest);
+-
+ $arrFragments = explode('/', $strRequest);
+
+ // Skip index.php
+@@ -104,13 +103,15 @@ abstract class Frontend extends Controll
}
}
- // Add fragments to $_GET array
-+ // DO NOT USE urldecode() HERE (XSS vulnerability)!
++ $arrFragments = array_map('urldecode', $arrFragments);
+
+ // Add the fragments to the $_GET array
for ($i=1; $i<count($arrFragments); $i+=2)
{
- $_GET[urldecode($arrFragments[$i])] = urldecode($arrFragments[$i+1]);
-+ $_GET[$arrFragments[$i]] = $arrFragments[$i+1];
++ $this->Input->setGet($arrFragments[$i], $arrFragments[$i+1]);
}
- return strlen($arrFragments[0]) ? urldecode($arrFragments[0]) : null;
@@ -33,7 +40,16 @@
}
-@@ -166,8 +168,16 @@ abstract class Frontend extends Controll
+@@ -158,7 +159,7 @@ abstract class Frontend extends Controll
+
+
+ /**
+- * Overwrite parent method as front end URLs are handled differently
++ * Overwrite the parent method as front end URLs are handled differently
+ * @param string
+ * @param boolean
+ * @return string
+@@ -166,8 +167,16 @@ abstract class Frontend extends Controll
protected function addToUrl($strRequest, $blnIgnoreParams=false)
{
$arrGet = $blnIgnoreParams ? array() : $_GET;
@@ -50,3 +66,27 @@
foreach ($arrFragments as $strFragment)
{
list($key, $value) = explode('=', $strFragment);
+@@ -184,9 +193,22 @@ abstract class Frontend extends Controll
+
+ $strParams = '';
+
++ // Determine connector and separator
++ if ($GLOBALS['TL_CONFIG']['disableAlias'])
++ {
++ $strConnector = '&';
++ $strSeparator = '=';
++ }
++ else
++ {
++ $strConnector = '/';
++ $strSeparator = '/';
++ }
++
++ // Compile the parameters string
+ foreach ($arrGet as $k=>$v)
+ {
+- $strParams .= $GLOBALS['TL_CONFIG']['disableAlias'] ? '&' . $k . '=' . $v : '/' . $k . '/' . $v;
++ $strParams .= $strConnector . urlencode($k) . $strSeparator . urlencode($v);
+ }
+
+ // Do not use aliases
$NetBSD: patch-system_libraries_Input.php,v 1.1 2011/10/10 16:35:36 taca Exp $
* Fix potential XSS vulnerability, r1044.
--- system/libraries/Input.php.orig 2010-04-12 13:08:16.000000000 +0000
+++ system/libraries/Input.php
@@ -52,9 +52,14 @@ class Input
/**
- * Prevent direct instantiation (Singleton)
+ * Clean the keys of the request arrays
*/
- protected function __construct() {}
+ protected function __construct()
+ {
+ $_GET = $this->cleanKey($_GET);
+ $_POST = $this->cleanKey($_POST);
+ $_COOKIE = $this->cleanKey($_COOKIE);
+ }
/**
@@ -232,6 +237,8 @@ class Input
*/
public function setGet($strKey, $varValue)
{
+ $strKey = $this->cleanKey($strKey);
+
unset($this->arrCache['getEncoded'][$strKey]);
unset($this->arrCache['getDecoded'][$strKey]);
@@ -246,6 +253,8 @@ class Input
*/
public function setPost($strKey, $varValue)
{
+ $strKey = $this->cleanKey($strKey);
+
unset($this->arrCache['postEncoded'][$strKey]);
unset($this->arrCache['postDecoded'][$strKey]);
unset($this->arrCache['postRaw'][$strKey]);
@@ -261,6 +270,8 @@ class Input
*/
public function setCookie($strKey, $varValue)
{
+ $strKey = $this->cleanKey($strKey);
+
unset($this->arrCache['cookieEncoded'][$strKey]);
unset($this->arrCache['cookieDecoded'][$strKey]);
@@ -278,6 +289,42 @@ class Input
/**
+ * Sanitize a key name or an array (thanks to Andreas Schempp)
+ * @param mixed
+ * @return mixed
+ */
+ protected function cleanKey($varValue)
+ {
+ // Recursively clean arrays
+ if (is_array($varValue))
+ {
+ $return = array();
+
+ foreach ($varValue as $k=>$v)
+ {
+ $k = $this->cleanKey($k);
+
+ if (is_array($v))
+ {
+ $v = $this->cleanKey($v);
+ }
+
+ $return[$k] = $v;
+ }
+
+ return $return;
+ }
+
+ $varValue = $this->stripSlashes($varValue);
+ $varValue = $this->decodeEntities($varValue);
+ $varValue = $this->xssClean($varValue, true);
+ $varValue = $this->stripTags($varValue);
+
+ return $varValue;
+ }
+
+
+ /**
* Strip slashes
* @param mixed
* @return mixed
$NetBSD: patch-system_modules_frontend_ModuleArticlenav.php,v 1.1 2011/10/10 16:35:36 taca Exp $
* Fix potential XSS vulnerability, r1044.
--- system/modules/frontend/ModuleArticlenav.php.orig 2009-11-21 12:49:18.000000000 +0000
+++ system/modules/frontend/ModuleArticlenav.php
@@ -91,7 +91,7 @@ class ModuleArticlenav extends Module
return '';
}
- $strAlias = (strlen($this->objArticles->alias) && !$GLOBALS['TL_CONFIG']['disableAlias']) ? $this->objArticles->alias : $this->objArticles->id;
+ $strAlias = ($this->objArticles->alias != '' && !$GLOBALS['TL_CONFIG']['disableAlias']) ? $this->objArticles->alias : $this->objArticles->id;
$this->redirect($this->addToUrl('articles=' . $strAlias));
}