3 files changed, 0 insertions, 89 deletions
diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch
deleted file mode 100644
index b5ae92d0425c..000000000000
--- a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 64668e882b8866fae0fa1b25375d1a2f3b4672e2 Mon Sep 17 00:00:00 2001
-From: Deon George <wurley@users.sf.net>
-Date: Wed, 27 Jul 2011 07:30:06 +1000
-Subject: [PATCH] Remove XSS vulnerabilty in debug code
-
----
- htdocs/cmd.php | 4 ----
- 1 files changed, 0 insertions(+), 4 deletions(-)
-
-diff --git a/htdocs/cmd.php b/htdocs/cmd.php
-index 34f3848..0ddf004 100644
---- a/htdocs/cmd.php
-+++ b/htdocs/cmd.php
-@@ -19,10 +19,6 @@ $www['meth'] = get_request('meth','REQUEST');
- ob_start();
-
- switch ($www['cmd']) {
-- case '_debug':
-- debug_dump($_REQUEST,1);
-- break;
--
- default:
- if (defined('HOOKSDIR') && file_exists(HOOKSDIR.$www['cmd'].'.php'))
- $app['script_cmd'] = HOOKSDIR.$www['cmd'].'.php';
---
-1.7.4.1
-
diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch
deleted file mode 100644
index bc18b452ca02..000000000000
--- a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 76e6dad13ef77c5448b8dfed1a61e4acc7241165 Mon Sep 17 00:00:00 2001
-From: Deon George <wurley@users.sf.net>
-Date: Thu, 6 Oct 2011 09:03:20 +1100
-Subject: [PATCH] SF Bug #3417184 - PHP Code Injection Vulnerability
-
----
- lib/functions.php | 5 +++--
- 1 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/lib/functions.php b/lib/functions.php
-index 19fde99..eb160dc 100644
---- a/lib/functions.php
-+++ b/lib/functions.php
-@@ -1003,8 +1003,9 @@ function masort(&$data,$sortby,$rev=0) {
- if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
- debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
-
-- # if the array to sort is null or empty
-- if (! $data) return;
-+ # if the array to sort is null or empty, or if we have some nasty chars
-+ if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data)
-+ return;
-
- static $CACHE = array();
-
---
-1.7.4.1
-
diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch
deleted file mode 100644
index bff3c6268556..000000000000
--- a/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 7dc8d57d6952fe681cb9e8818df7f103220457bd Mon Sep 17 00:00:00 2001
-From: Deon George <wurley@users.sf.net>
-Date: Tue, 24 Jan 2012 12:37:28 +1100
-Subject: [PATCH] SF Bug #3477910 - XSS vulnerability in query
-
----
- lib/QueryRender.php | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/QueryRender.php b/lib/QueryRender.php
-index 291ec40..685f3ba 100644
---- a/lib/QueryRender.php
-+++ b/lib/QueryRender.php
-@@ -497,7 +497,7 @@ class QueryRender extends PageRender {
- $this->getAjaxRef($base),
- $this->getAjaxRef($base),
- ($show == $this->getAjaxRef($base) ? '#F0F0F0' : '#E0E0E0'),
-- $base);
-+ htmlspecialchars($base));
- }
- echo '</tr>';
- echo '</table>';
-@@ -545,7 +545,7 @@ class QueryRender extends PageRender {
- echo ' ]</small>';
-
- echo '<br />';
-- printf('<small>%s: <b>%s</b></small>',_('Base DN'),$base);
-+ printf('<small>%s: <b>%s</b></small>',_('Base DN'),htmlspecialchars($base));
-
- echo '<br />';
- printf('<small>%s: <b>%s</b></small>',_('Filter performed'),htmlspecialchars($this->template->resultsdata[$base]['filter']));
---
-1.7.4.1
-
|