www/contao35: add two fixes

* Add fix for CVE-2020-25768. * Fix time range problem on positive timezone. Bump PKGREVISION.
2020-10-04 06:31:02 +00:00 · 2020-10-04 06:31:02 +00:00 · 53c9af8322
commit 53c9af8322
parent c2938d29f6
4 changed files with 46 additions and 2 deletions
--- a/www/contao35/Makefile
+++ b/www/contao35/Makefile
@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.47 2019/12/16 16:30:14 taca Exp $
+# $NetBSD: Makefile,v 1.48 2020/10/04 06:31:02 taca Exp $
 #

 DISTNAME=	contao-${CT_PKGVER}
 PKGNAME=	${PHP_PKG_PREFIX}-contao${CT_VER}-${CT_PKGVER}
+PKGREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_GITHUB:=contao/}
 GITHUB_PROJECT=	core
--- a/www/contao35/distinfo
+++ b/www/contao35/distinfo
@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.36 2019/04/14 09:23:06 taca Exp $
+$NetBSD: distinfo,v 1.37 2020/10/04 06:31:02 taca Exp $

 SHA1 (contao-3.5.40.tar.gz) = 67ee42c5232142bf7b7f9f86635f9a5dc7c3536d
 RMD160 (contao-3.5.40.tar.gz) = b8fdb80da8b96fd7820f972f5b33418fadcadf81
 SHA512 (contao-3.5.40.tar.gz) = 54a2e00fdca1bd3a11464d5c74113cbb74b7d39fc368dc6de7608a4a8dd7fe5464d9840b0ecd37ca2ee7df6cf0ac004a0e2903c79e06c7509787a6700814d598
 Size (contao-3.5.40.tar.gz) = 11204594 bytes
+SHA1 (patch-system_modules_core_library_Contao_Input.php) = 07cb28f17ea7b028070bc039ea47c05ca790beb0
+SHA1 (patch-system_modules_news_dca_tl__news.php) = 13cee5a492f8ae63fe478b5e8bd9b5af477aa9ac
--- a/www/contao35/patches/patch-system_modules_core_library_Contao_Input.php
+++ b/www/contao35/patches/patch-system_modules_core_library_Contao_Input.php
@ -0,0 +1,26 @@
+$NetBSD: patch-system_modules_core_library_Contao_Input.php,v 1.1 2020/10/04 06:31:02 taca Exp $
+
+Apply fix for CVE-2020-25768.
+
+--- system/modules/core/library/Contao/Input.php.orig	2019-04-11 11:11:34.000000000 +0000
+++ system/modules/core/library/Contao/Input.php
+@@ -765,7 +765,18 @@ class Input
+ 	 */
+ 	public static function encodeInsertTags($varValue)
+ 	{
+-		return str_replace(array('{{', '}}'), array('&#123;&#123;', '&#125;&#125;'), $varValue);
+		// Recursively encode insert tags
+		if (\is_array($varValue))
+		{
+			foreach ($varValue as $k=>$v)
+			{
+				$varValue[$k] = static::encodeInsertTags($v);
+			}
+
+			return $varValue;
+		}
+
+		return str_replace(array('{{', '}}'), array('&#123;&#123;', '&#125;&#125;'), (string) $varValue);
+ 	}
+ 
+ 
--- a/www/contao35/patches/patch-system_modules_news_dca_tl__news.php
+++ b/www/contao35/patches/patch-system_modules_news_dca_tl__news.php
@ -0,0 +1,15 @@
+$NetBSD: patch-system_modules_news_dca_tl__news.php,v 1.1 2020/10/04 06:31:02 taca Exp $
+
+Fix time range problem on positive timezone.
+
+--- system/modules/news/dca/tl_news.php.orig	2019-04-11 11:11:34.000000000 +0000
+++ system/modules/news/dca/tl_news.php
+@@ -228,7 +228,7 @@ $GLOBALS['TL_DCA']['tl_news'] = array
+ 			'exclude'                 => true,
+ 			'inputType'               => 'text',
+ 			'eval'                    => array('rgxp'=>'time', 'doNotCopy'=>true, 'tl_class'=>'w50'),
+-			'sql'                     => "int(10) unsigned NOT NULL default '0'"
+			'sql'                     => "int(10) NOT NULL default '0'"
+ 		),
+ 		'subheadline' => array
+ 		(