mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2025-01-25 09:34:11 +00:00
Code Issues Releases Activity

- Fixed PHP code injection vulnerability by incorporating upstream patch

Browse Source 
- Bumped PORTREVISION

  NOTE: VuXML ID to follow shortly

PR:		ports/161954
Submitted by:	Ruslan Mahmatkhanov <cvs-src@yandex.ru>
Approved by:	Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
Security:	http://packetstormsecurity.org/files/106120/phpldapadmin-inject.txt
Security:	http://sourceforge.net/tracker/?func=detail&aid=3417184&group_id=61828&atid=498546
This commit is contained in:
Greg Larkin 2011-10-24 13:10:35 +00:00
parent 2e6160bc08
commit c7af433997
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=284243
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
net/phpldapadmin/Makefile
View File

@ -7,6 +7,7 @@
PORTNAME= phpldapadmin PORTNAME= phpldapadmin
PORTVERSION= 1.2.1.1 PORTVERSION= 1.2.1.1
PORTREVISION= 1
PORTEPOCH= 1 PORTEPOCH= 1
CATEGORIES= net www CATEGORIES= net www
MASTER_SITES= SF/${PORTNAME}/${PORTNAME}-php5/${PORTVERSION} MASTER_SITES= SF/${PORTNAME}/${PORTNAME}-php5/${PORTVERSION}

14
net/phpldapadmin/files/patch-lib__functions.php Normal file
View File

@ -0,0 +1,14 @@
--- ./lib/functions.php.orig 2011-05-11 05:40:18.000000000 -0400
+++ ./lib/functions.php 2011-10-24 09:00:11.000000000 -0400
@@ -1003,8 +1003,9 @@
if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
- # if the array to sort is null or empty
- if (! $data) return;
+ # if the array to sort is null or empty, or if we have some nasty chars
+ if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data)
+ return;
static $CACHE = array();