mirror of
https://git.FreeBSD.org/ports.git
synced 2025-01-10 07:04:03 +00:00
- Fixed PHP code injection vulnerability by incorporating upstream patch
- Bumped PORTREVISION NOTE: VuXML ID to follow shortly PR: ports/161954 Submitted by: Ruslan Mahmatkhanov <cvs-src@yandex.ru> Approved by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer) Security: http://packetstormsecurity.org/files/106120/phpldapadmin-inject.txt Security: http://sourceforge.net/tracker/?func=detail&aid=3417184&group_id=61828&atid=498546
This commit is contained in:
Greg Larkin
parent
2e6160bc08
commit
c7af433997
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=284243
@ -7,6 +7,7 @@
|
||||
|
||||
PORTNAME= phpldapadmin
|
||||
PORTVERSION= 1.2.1.1
|
||||
PORTREVISION= 1
|
||||
PORTEPOCH= 1
|
||||
CATEGORIES= net www
|
||||
MASTER_SITES= SF/${PORTNAME}/${PORTNAME}-php5/${PORTVERSION}
|
||||
|
||||
14
net/phpldapadmin/files/patch-lib__functions.php
Normal file
14
net/phpldapadmin/files/patch-lib__functions.php
Normal file
@ -0,0 +1,14 @@
|
||||
--- ./lib/functions.php.orig 2011-05-11 05:40:18.000000000 -0400
|
||||
+++ ./lib/functions.php 2011-10-24 09:00:11.000000000 -0400
|
||||
@@ -1003,8 +1003,9 @@
|
||||
if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
||||
debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
|
||||
|
||||
- # if the array to sort is null or empty
|
||||
- if (! $data) return;
|
||||
+ # if the array to sort is null or empty, or if we have some nasty chars
|
||||
+ if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data)
|
||||
+ return;
|
||||
|
||||
static $CACHE = array();
|
||||
|
||||
Loading…
Reference in New Issue
Block a user