diff options
author | glarkin <glarkin@FreeBSD.org> | 2010-07-22 06:26:46 +0800 |
---|---|---|
committer | glarkin <glarkin@FreeBSD.org> | 2010-07-22 06:26:46 +0800 |
commit | 23dc9d18e95831450bc5f035bb843f5221d58aa1 (patch) | |
tree | e33c213a1532c6581d32880e03c8f8d204309845 /www/codeigniter17 | |
parent | 10564095cc3923c4bcb9a393b0153cac098de5ad (diff) | |
download | freebsd-ports-gnome-23dc9d18e95831450bc5f035bb843f5221d58aa1.tar.gz freebsd-ports-gnome-23dc9d18e95831450bc5f035bb843f5221d58aa1.tar.zst freebsd-ports-gnome-23dc9d18e95831450bc5f035bb843f5221d58aa1.zip |
- Incorporate vendor patch for file upload class vulnerability
- Bump PORTREVISION
Security: http://codeigniter.com/news/codeigniter_1.7.2_security_patch/
Security: 0502c1cb-8f81-11df-a0bb-0050568452ac
Diffstat (limited to 'www/codeigniter17')
-rw-r--r-- | www/codeigniter17/Makefile | 4 | ||||
-rw-r--r-- | www/codeigniter17/files/patch-system__libraries__Upload.php | 245 |
2 files changed, 249 insertions, 0 deletions
diff --git a/www/codeigniter17/Makefile b/www/codeigniter17/Makefile index 2d78d7c1ffee..ecfe309382c7 100644 --- a/www/codeigniter17/Makefile +++ b/www/codeigniter17/Makefile @@ -7,6 +7,7 @@ PORTNAME= codeigniter PORTVERSION= 1.7.2 +PORTREVISION= 1 CATEGORIES= www MASTER_SITES= http://codeigniter.com/download_files/ \ LOCAL/glarkin @@ -148,6 +149,9 @@ confighelp: @${ECHO_MSG} "http://codeigniter.com/user_guide/installation/index.html" @${ECHO_MSG} "" +post-patch: + @cd ${WRKSRC} && ${RM} system/libraries/Upload.php.orig + do-install: @cd ${WRKSRC} && ${COPYTREE_SHARE} "${STD_BITS}" ${WWWDIR} @for i in ${CI_CONF_FILES}; do \ diff --git a/www/codeigniter17/files/patch-system__libraries__Upload.php b/www/codeigniter17/files/patch-system__libraries__Upload.php new file mode 100644 index 000000000000..25582add045a --- /dev/null +++ b/www/codeigniter17/files/patch-system__libraries__Upload.php @@ -0,0 +1,245 @@ +--- ./system/libraries/Upload.php.orig 2009-04-22 10:15:09.000000000 -0400 ++++ ./system/libraries/Upload.php 2010-07-12 09:16:30.000000000 -0400 +@@ -6,7 +6,7 @@ + * + * @package CodeIgniter + * @author ExpressionEngine Dev Team +- * @copyright Copyright (c) 2008 - 2009, EllisLab, Inc. ++ * @copyright Copyright (c) 2008 - 2010, EllisLab, Inc. + * @license http://codeigniter.com/user_guide/license.html + * @link http://codeigniter.com + * @since Version 1.0 +@@ -26,31 +26,33 @@ + */ + class CI_Upload { + +- var $max_size = 0; +- var $max_width = 0; +- var $max_height = 0; +- var $max_filename = 0; +- var $allowed_types = ""; +- var $file_temp = ""; +- var $file_name = ""; +- var $orig_name = ""; +- var $file_type = ""; +- var $file_size = ""; +- var $file_ext = ""; +- var $upload_path = ""; +- var $overwrite = FALSE; +- var $encrypt_name = FALSE; +- var $is_image = FALSE; +- var $image_width = ''; +- var $image_height = ''; +- var $image_type = ''; +- var $image_size_str = ''; +- var $error_msg = array(); +- var $mimes = array(); +- var $remove_spaces = TRUE; +- var $xss_clean = FALSE; +- var $temp_prefix = "temp_file_"; +- ++ var $max_size = 0; ++ var $max_width = 0; ++ var $max_height = 0; ++ var $max_filename = 0; ++ var $allowed_types = ""; ++ var $file_temp = ""; ++ var $file_name = ""; ++ var $orig_name = ""; ++ var $file_type = ""; ++ var $file_size = ""; ++ var $file_ext = ""; ++ var $upload_path = ""; ++ var $overwrite = FALSE; ++ var $encrypt_name = FALSE; ++ var $is_image = FALSE; ++ var $image_width = ''; ++ var $image_height = ''; ++ var $image_type = ''; ++ var $image_size_str = ''; ++ var $error_msg = array(); ++ var $mimes = array(); ++ var $remove_spaces = TRUE; ++ var $xss_clean = FALSE; ++ var $temp_prefix = "temp_file_"; ++ var $client_name = ''; ++ ++ var $_file_name_override = ''; + /** + * Constructor + * +@@ -101,7 +103,8 @@ + 'mimes' => array(), + 'remove_spaces' => TRUE, + 'xss_clean' => FALSE, +- 'temp_prefix' => "temp_file_" ++ 'temp_prefix' => "temp_file_", ++ 'client_name' => '' + ); + + +@@ -124,6 +127,10 @@ + $this->$key = $val; + } + } ++ ++ // if a file_name was provided in the config, use it instead of the user input ++ // supplied file name for all uploads until initialized again ++ $this->_file_name_override = $this->file_name; + } + + // -------------------------------------------------------------------- +@@ -187,17 +194,12 @@ + + // Set the uploaded data as class variables + $this->file_temp = $_FILES[$field]['tmp_name']; +- $this->file_name = $this->_prep_filename($_FILES[$field]['name']); +- $this->file_size = $_FILES[$field]['size']; ++ $this->file_size = $_FILES[$field]['size']; + $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']); +- $this->file_type = strtolower($this->file_type); +- $this->file_ext = $this->get_extension($_FILES[$field]['name']); +- +- // Convert the file size to kilobytes +- if ($this->file_size > 0) +- { +- $this->file_size = round($this->file_size/1024, 2); +- } ++ $this->file_type = strtolower(trim(stripslashes($this->file_type), '"')); ++ $this->file_name = $this->_prep_filename($_FILES[$field]['name']); ++ $this->file_ext = $this->get_extension($this->file_name); ++ $this->client_name = $this->file_name; + + // Is the file type allowed to be uploaded? + if ( ! $this->is_allowed_filetype()) +@@ -205,6 +207,25 @@ + $this->set_error('upload_invalid_filetype'); + return FALSE; + } ++ ++ // if we're overriding, let's now make sure the new name and type is allowed ++ if ($this->_file_name_override != '') ++ { ++ $this->file_name = $this->_prep_filename($this->_file_name_override); ++ $this->file_ext = $this->get_extension($this->file_name); ++ ++ if ( ! $this->is_allowed_filetype(TRUE)) ++ { ++ $this->set_error('upload_invalid_filetype'); ++ return FALSE; ++ } ++ } ++ ++ // Convert the file size to kilobytes ++ if ($this->file_size > 0) ++ { ++ $this->file_size = round($this->file_size/1024, 2); ++ } + + // Is the file size within the allowed maximum? + if ( ! $this->is_allowed_filesize()) +@@ -312,6 +333,7 @@ + 'full_path' => $this->upload_path.$this->file_name, + 'raw_name' => str_replace($this->file_ext, '', $this->file_name), + 'orig_name' => $this->orig_name, ++ 'client_name' => $this->client_name, + 'file_ext' => $this->file_ext, + 'file_size' => $this->file_size, + 'is_image' => $this->is_image(), +@@ -549,43 +571,49 @@ + * @access public + * @return bool + */ +- function is_allowed_filetype() ++ function is_allowed_filetype($ignore_mime = FALSE) + { + if (count($this->allowed_types) == 0 OR ! is_array($this->allowed_types)) + { + $this->set_error('upload_no_file_types'); + return FALSE; + } ++ ++ $ext = strtolower(ltrim($this->file_ext, '.')); ++ ++ if ( ! in_array($ext, $this->allowed_types)) ++ { ++ return FALSE; ++ } + ++ // Images get some additional checks + $image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe'); + +- foreach ($this->allowed_types as $val) ++ if (in_array($ext, $image_types)) + { +- $mime = $this->mimes_types(strtolower($val)); +- +- // Images get some additional checks +- if (in_array($val, $image_types)) ++ if (getimagesize($this->file_temp) === FALSE) + { +- if (getimagesize($this->file_temp) === FALSE) +- { +- return FALSE; +- } +- } ++ return FALSE; ++ } ++ } + +- if (is_array($mime)) +- { +- if (in_array($this->file_type, $mime, TRUE)) +- { +- return TRUE; +- } +- } +- else ++ if ($ignore_mime === TRUE) ++ { ++ return TRUE; ++ } ++ ++ $mime = $this->mimes_types($ext); ++ ++ if (is_array($mime)) ++ { ++ if (in_array($this->file_type, $mime, TRUE)) + { +- if ($mime == $this->file_type) +- { +- return TRUE; +- } +- } ++ return TRUE; ++ } ++ } ++ elseif ($mime == $this->file_type) ++ { ++ return TRUE; + } + + return FALSE; +@@ -918,7 +946,7 @@ + + foreach ($parts as $part) + { +- if ($this->mimes_types(strtolower($part)) === FALSE) ++ if ( ! in_array(strtolower($part), $this->allowed_types) OR $this->mimes_types(strtolower($part)) === FALSE) + { + $filename .= '.'.$part.'_'; + } +@@ -928,13 +956,6 @@ + } + } + +- // file name override, since the exact name is provided, no need to +- // run it through a $this->mimes check. +- if ($this->file_name != '') +- { +- $filename = $this->file_name; +- } +- + $filename .= '.'.$ext; + + return $filename; |