authorglarkin <glarkin@FreeBSD.org>2011-10-24 21:10:35 +0800
committerglarkin <glarkin@FreeBSD.org>2011-10-24 21:10:35 +0800
commit9d7fcd134237fe551cd5f239b4fb55c28f3e822b (patch)
treefc9a0013d27f24bb2546a2df500bdcf02192e5fa
parentcdf412ddd0394f60ebc38bc44614c21fab77b3ad (diff)
- Fixed PHP code injection vulnerability by incorporating upstream patch
- Bumped PORTREVISION NOTE: VuXML ID to follow shortly PR: ports/161954 Submitted by: Ruslan Mahmatkhanov <cvs-src@yandex.ru> Approved by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer) Security: http://packetstormsecurity.org/files/106120/phpldapadmin-inject.txt Security: http://sourceforge.net/tracker/?func=detail&aid=3417184&group_id=61828&atid=498546
-rw-r--r--net/phpldapadmin/Makefile1
-rw-r--r--net/phpldapadmin/files/patch-lib__functions.php14
2 files changed, 15 insertions, 0 deletions
diff --git a/net/phpldapadmin/Makefile b/net/phpldapadmin/Makefile
index 37f5f0e49261..009de1ebff58 100644
--- a/net/phpldapadmin/Makefile
+++ b/net/phpldapadmin/Makefile
@@ -7,6 +7,7 @@
PORTNAME= phpldapadmin
PORTVERSION= 1.2.1.1
+PORTREVISION= 1
PORTEPOCH= 1
CATEGORIES= net www
MASTER_SITES= SF/${PORTNAME}/${PORTNAME}-php5/${PORTVERSION}
diff --git a/net/phpldapadmin/files/patch-lib__functions.php b/net/phpldapadmin/files/patch-lib__functions.php
new file mode 100644
index 000000000000..9d9009e28464
--- /dev/null
+++ b/net/phpldapadmin/files/patch-lib__functions.php
@@ -0,0 +1,14 @@
+--- ./lib/functions.php.orig 2011-05-11 05:40:18.000000000 -0400
++++ ./lib/functions.php 2011-10-24 09:00:11.000000000 -0400
+@@ -1003,8 +1003,9 @@
+ if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
+ debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
+
+- # if the array to sort is null or empty
+- if (! $data) return;
++ # if the array to sort is null or empty, or if we have some nasty chars
++ if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data)
++ return;
+
+ static $CACHE = array();
+
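Review bot: The allow-list pattern applied to `$sortby` is anchored with `$`, which in PCRE also matches just before a trailing newline, so a value ending in a newline still passes; adding the `D` modifier makes the anchor strict: `if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/D',$sortby) || ! $data)`. The reject path is a bare `return;`, so a blocked request leaves no trace for whoever monitors the application; a log entry recording that `$sortby` failed validation, written before the return, would make such attempts visible. The comment "nasty chars" should instead state what is accepted (a word of letters, digits and underscores, optionally followed by a parenthesised list of the same characters and commas) and that, per the commit message, the check exists to stop PHP code injection through the sort key. The enclosing function begins and ends outside the hunk, so how `$sortby` is consumed further down cannot be confirmed from these lines.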