Add a security fix for kses, the HTML filter (which isn't used with the default
configuration): http://www.geeklog.net/article.php/kses. Also fix one pkglint warning. Bump PKGREVISION.
This commit is contained in:
parent
dfaba9b34b
commit
4d81c56bf5
4 changed files with 32 additions and 4 deletions
@ -1,9 +1,9 @@
|
|||
# $NetBSD: Makefile,v 1.17 2008/05/26 00:40:24 joerg Exp $
|
||||
# $NetBSD: Makefile,v 1.18 2008/06/19 14:08:42 taca Exp $
|
||||
#
|
||||
|
||||
DISTNAME= geeklog-${VER}
|
||||
PKGNAME= geeklog-${VER:C/(sr|-)/./g}
|
||||
PKGREVISION= 1
|
||||
PKGREVISION= 2
|
||||
CATEGORIES= www
|
||||
MASTER_SITES= http://www.geeklog.net/filemgmt/upload_dir/
|
||||
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
# $NetBSD: Makefile.common,v 1.5 2008/06/19 12:38:45 taca Exp $
|
||||
# $NetBSD: Makefile.common,v 1.6 2008/06/19 14:08:42 taca Exp $
|
||||
#
|
||||
# used by www/geeklog/Makefile
|
||||
|
||||
GEEKLOG_ADMIN= ${GEEKLOG_BASE}/admin
|
||||
GEEKLOG_TMPL= ${GEEKLOG_BASE}/default
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
$NetBSD: distinfo,v 1.6 2007/05/20 15:56:44 taca Exp $
|
||||
$NetBSD: distinfo,v 1.7 2008/06/19 14:08:42 taca Exp $
|
||||
|
||||
SHA1 (geeklog-1.4.1.tar.gz) = c323c29b523598b97d7e0957435c0ec0c31cb290
|
||||
RMD160 (geeklog-1.4.1.tar.gz) = bfac9946b34d0254fedd3a54cf742b044d347a3c
|
||||
|
@ -7,3 +7,4 @@ SHA1 (patch-aa) = f96a2391925ae66c9629ee4480053b71dc33d587
|
|||
SHA1 (patch-ab) = 3cbc5f3845eaaf78c349e1bc82e8e792627a12db
|
||||
SHA1 (patch-ac) = e5523aab7a13f014ecb961a53f8d962115c4d7b4
|
||||
SHA1 (patch-ag) = 207ef0801d865ff16d2a99f0732ea0cb49ce2ad5
|
||||
SHA1 (patch-ah) = 376e1208f0ec332e9da243a9a475d5569158d6d3
|
||||
|
|
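--- /dev/null
+++ b/www/geeklog/patches/patch-ah
@@ -0,0 +1,26 @@
+$NetBSD: patch-ah,v 1.1 2008/06/19 14:08:42 taca Exp $
+
+A security fix for HTML filter: http://www.geeklog.net/article.php/kses.
+This problem will be fixed in Geeklog 1.5.0.
+
+--- system/classes/kses.class.php.orig 2006-05-15 14:49:44.000000000 +0900
++++ system/classes/kses.class.php
+@@ -941,12 +941,12 @@
+*/
+function _bad_protocol_once($string)
+{
+- return preg_replace(
+- '/^((&[^;]*;|[\sA-Za-z0-9])*)'.
+- '(:|:|&#[Xx]3[Aa];)\s*/e',
+- '\$this->_bad_protocol_once2("\\1")',
+- $string
+- );
++ $string2 = preg_split('/:|:|:/i', $string, 2);
++ if(isset($string2[1]) && !preg_match('%/\?%',$string2[0]))
++ {
++ $string = $this->_bad_protocol_once2($string2[0]).trim($string2[1]);
++ }
++ return $string;
+}
+
+/**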