author | Xin LI <delphij@FreeBSD.org> | 2010-01-13 23:30:43 +0000 |
---|---|---|
committer | Xin LI <delphij@FreeBSD.org> | 2010-01-13 23:30:43 +0000 |
commit | 28850e37bcace86e4a8af432ceeb5b0bfbcbf44f (patch) | |
tree | d9322c04b1cd6b15b692a0e301164f75ff2237de /www | |
parent | ad1ac1896fc70a993540b628ba5351fbfea47bb7 (diff) | |
Fix a minor information leak issue which will expose directories outside
the wiki root (not their contents though).
This commit actually upgraded the port to 2009-12-25b by adding the patch
file.
For details please consult:
http://bugs.splitbrain.org/index.php?do=details&task_id=1847
Sponsored by: iXsystems, Inc.
Notes
Notes:
svn path=/head/; revision=247833
Diffstat (limited to 'www')
-rw-r--r-- | www/dokuwiki/Makefile | 1 | ||||
-rw-r--r-- | www/dokuwiki/files/patch-20091225b | 39 |
2 files changed, 40 insertions, 0 deletions
diff --git a/www/dokuwiki/Makefile b/www/dokuwiki/Makefile
index 4a4608ac4875..80caece35efe 100644
--- a/www/dokuwiki/Makefile
+++ b/www/dokuwiki/Makefile
@@ -7,6 +7,7 @@
 PORTNAME= dokuwiki
 PORTVERSION= ${DIST_VER:S/${PORTNAME}//:S/-//g}
+PORTREVISION= 1
 CATEGORIES= www
 MASTER_SITES= http://www.splitbrain.org/_media/projects/dokuwiki/ \
 LOCAL/chinsan/${PORTNAME}
diff --git a/www/dokuwiki/files/patch-20091225b b/www/dokuwiki/files/patch-20091225b
new file mode 100644
index 000000000000..0c31c2ec4f10
--- /dev/null
+++ b/www/dokuwiki/files/patch-20091225b
@@ -0,0 +1,39 @@
+diff -u -r -N VERSION VERSION
+--- VERSION 2009-12-25 02:14:45.000000000 -0800
++++ VERSION 2010-01-13 09:21:13.000000000 -0800
+@@ -1 +1 @@
+-2009-12-25 "Lemming"
++2009-12-25b "Lemming"
+diff -u -r -N conf/msg conf/msg
+--- conf/msg 2009-12-25 02:14:41.000000000 -0800
++++ conf/msg 2010-01-13 08:25:37.000000000 -0800
+@@ -1,4 +1,4 @@
+-23
++24
+ The first line of this file contains a number, indicating
+ which notification messages should not be displayed. This
+ is the only information sent to dokuwiki.org when the
+diff -u -r -N lib/plugins/acl/ajax.php lib/plugins/acl/ajax.php
+--- lib/plugins/acl/ajax.php 2009-12-25 02:14:41.000000000 -0800
++++ lib/plugins/acl/ajax.php 2010-01-13 08:25:37.000000000 -0800
+@@ -16,9 +16,11 @@
+ require_once(DOKU_INC.'inc/common.php');
+ require_once(DOKU_INC.'inc/pageutils.php');
+ require_once(DOKU_INC.'inc/auth.php');
+-//close sesseion
+//close session
+ session_write_close();
+
+if(!auth_isadmin()) die('forbidden');
+
+ $ID = getID();
+
+ if(!auth_isadmin) die('for admins only');
+@@ -42,6 +44,7 @@
+ if($ns == '*'){
+ $ns ='';
+ }
+ $ns = cleanID($ns);
+ $lvl = count(explode(':',$ns));
+ $ns = utf8_encodeFN(str_replace(':','/',$ns));
+
|
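Review bot: The old guard `if(!auth_isadmin) die('for admins only');` is left in place as context in the first lib/plugins/acl/ajax.php hunk of patch-20091225b. Without call parentheses it tests a bare name rather than the function's result, so it presumably never fired, and only the newly added `if(!auth_isadmin()) die('forbidden');` enforces access. Leaving the dead line invites a later edit that removes the working check and trusts the broken one. It should be dropped or corrected to `if(!auth_isadmin()) die('for admins only');`, ideally upstream since this file mirrors the upstream patch. Sending `header('HTTP/1.0 403 Forbidden');` before `die()` would also make denied requests distinguishable in access logs; the surrounding script continues outside both inner hunks.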