authorShaun Amott <shaun@FreeBSD.org>2007-07-31 09:44:45 +0000
committerShaun Amott <shaun@FreeBSD.org>2007-07-31 09:44:45 +0000
commit8ddb08e12e266d26d05450cdd66f386c2fc73963 (patch)
treeabe132b4076a5979e05a184c174ee452e846518c /www/phpSysInfo
parente1288f8d43ee64bc96849e37597afed192df4b65 (diff)
Fix XSS vulnerability.
Reported by: miwi Security: 88260dfe-3d21-11dc-b3d3-0016179b2dd
Notes
Notes: svn path=/head/; revision=196804
Diffstat (limited to 'www/phpSysInfo')
-rw-r--r--www/phpSysInfo/Makefile1
-rw-r--r--www/phpSysInfo/files/patch-xss-fix.diff11
2 files changed, 12 insertions, 0 deletions
diff --git a/www/phpSysInfo/Makefile b/www/phpSysInfo/Makefile
index 34cc9f4297da..309c5cc3d87e 100644
--- a/www/phpSysInfo/Makefile
+++ b/www/phpSysInfo/Makefile
@@ -6,6 +6,7 @@
PORTNAME= phpSysInfo
PORTVERSION= 2.5.3
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME:L}
diff --git a/www/phpSysInfo/files/patch-xss-fix.diff b/www/phpSysInfo/files/patch-xss-fix.diff
new file mode 100644
index 000000000000..4f525c29253b
--- /dev/null
+++ b/www/phpSysInfo/files/patch-xss-fix.diff
@@ -0,0 +1,11 @@
+--- includes/system_footer.php.orig Tue Jul 31 10:35:50 2007
++++ includes/system_footer.php Tue Jul 31 10:35:52 2007
+@@ -29,7 +29,7 @@
+
+ if( ! $hide_picklist ) {
+ echo "<center>\n";
+- $update_form = "<form method=\"POST\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n" . "\t" . $text['template'] . ":&nbsp;\n" . "\t<select name=\"template\">\n";
++ $update_form = "<form method=\"POST\" action=\"" . htmlentities(strip_tags($_SERVER['PHP_SELF'])) . "\">\n" . "\t" . $text['template'] . ":&nbsp;\n" . "\t<select name=\"template\">\n";
+
+ $resDir = opendir( APP_ROOT . '/templates/' );
+ while( false !== ( $strFile = readdir( $resDir ) ) ) {
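Review bot: On the added `$update_form` line, the form action is still built from the request-derived `$_SERVER['PHP_SELF']`, and `strip_tags()` adds nothing once `htmlentities()` runs; it only alters the path before it is encoded. Called without flags, `htmlentities()` escapes double quotes but not single quotes, which is enough for this double-quoted attribute but breaks silently if the quoting style ever changes. I would build the action from the script's own path and escape it once with explicit flags: `action=\"" . htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES) . "\"`. This patch touches only `includes/system_footer.php`, so any other place in the port that echoes `PHP_SELF` is not visible here and is worth checking before this is treated as the complete fix.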