summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch27
-rw-r--r--net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch28
-rw-r--r--net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch34
3 files changed, 0 insertions, 89 deletions
diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch
deleted file mode 100644
index b5ae92d0425c..000000000000
--- a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 64668e882b8866fae0fa1b25375d1a2f3b4672e2 Mon Sep 17 00:00:00 2001
-From: Deon George <wurley@users.sf.net>
-Date: Wed, 27 Jul 2011 07:30:06 +1000
-Subject: [PATCH] Remove XSS vulnerabilty in debug code
-
----
- htdocs/cmd.php | 4 ----
- 1 files changed, 0 insertions(+), 4 deletions(-)
-
-diff --git a/htdocs/cmd.php b/htdocs/cmd.php
-index 34f3848..0ddf004 100644
---- a/htdocs/cmd.php
-+++ b/htdocs/cmd.php
-@@ -19,10 +19,6 @@ $www['meth'] = get_request('meth','REQUEST');
- ob_start();
-
- switch ($www['cmd']) {
-- case '_debug':
-- debug_dump($_REQUEST,1);
-- break;
--
- default:
- if (defined('HOOKSDIR') && file_exists(HOOKSDIR.$www['cmd'].'.php'))
- $app['script_cmd'] = HOOKSDIR.$www['cmd'].'.php';
---
-1.7.4.1
-
diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch
deleted file mode 100644
index bc18b452ca02..000000000000
--- a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 76e6dad13ef77c5448b8dfed1a61e4acc7241165 Mon Sep 17 00:00:00 2001
-From: Deon George <wurley@users.sf.net>
-Date: Thu, 6 Oct 2011 09:03:20 +1100
-Subject: [PATCH] SF Bug #3417184 - PHP Code Injection Vulnerability
-
----
- lib/functions.php | 5 +++--
- 1 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/lib/functions.php b/lib/functions.php
-index 19fde99..eb160dc 100644
---- a/lib/functions.php
-+++ b/lib/functions.php
-@@ -1003,8 +1003,9 @@ function masort(&$data,$sortby,$rev=0) {
- if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
- debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
-
-- # if the array to sort is null or empty
-- if (! $data) return;
-+ # if the array to sort is null or empty, or if we have some nasty chars
-+ if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data)
-+ return;
-
- static $CACHE = array();
-
---
-1.7.4.1
-
diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch
deleted file mode 100644
index bff3c6268556..000000000000
--- a/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 7dc8d57d6952fe681cb9e8818df7f103220457bd Mon Sep 17 00:00:00 2001
-From: Deon George <wurley@users.sf.net>
-Date: Tue, 24 Jan 2012 12:37:28 +1100
-Subject: [PATCH] SF Bug #3477910 - XSS vulnerability in query
-
----
- lib/QueryRender.php | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/QueryRender.php b/lib/QueryRender.php
-index 291ec40..685f3ba 100644
---- a/lib/QueryRender.php
-+++ b/lib/QueryRender.php
-@@ -497,7 +497,7 @@ class QueryRender extends PageRender {
- $this->getAjaxRef($base),
- $this->getAjaxRef($base),
- ($show == $this->getAjaxRef($base) ? '#F0F0F0' : '#E0E0E0'),
-- $base);
-+ htmlspecialchars($base));
- }
- echo '</tr>';
- echo '</table>';
-@@ -545,7 +545,7 @@ class QueryRender extends PageRender {
- echo ' ]</small>';
-
- echo '<br />';
-- printf('<small>%s: <b>%s</b></small>',_('Base DN'),$base);
-+ printf('<small>%s: <b>%s</b></small>',_('Base DN'),htmlspecialchars($base));
-
- echo '<br />';
- printf('<small>%s: <b>%s</b></small>',_('Filter performed'),htmlspecialchars($this->template->resultsdata[$base]['filter']));
---
-1.7.4.1
-