aboutsummaryrefslogtreecommitdiffstats
path: root/www/codeigniter17
diff options
context:
space:
mode:
authorglarkin <glarkin@FreeBSD.org>2010-07-22 06:26:46 +0800
committerglarkin <glarkin@FreeBSD.org>2010-07-22 06:26:46 +0800
commit23dc9d18e95831450bc5f035bb843f5221d58aa1 (patch)
treee33c213a1532c6581d32880e03c8f8d204309845 /www/codeigniter17
parent10564095cc3923c4bcb9a393b0153cac098de5ad (diff)
downloadfreebsd-ports-gnome-23dc9d18e95831450bc5f035bb843f5221d58aa1.tar.gz
freebsd-ports-gnome-23dc9d18e95831450bc5f035bb843f5221d58aa1.tar.zst
freebsd-ports-gnome-23dc9d18e95831450bc5f035bb843f5221d58aa1.zip
- Incorporate vendor patch for file upload class vulnerability
- Bump PORTREVISION Security: http://codeigniter.com/news/codeigniter_1.7.2_security_patch/ Security: 0502c1cb-8f81-11df-a0bb-0050568452ac
Diffstat (limited to 'www/codeigniter17')
-rw-r--r--www/codeigniter17/Makefile4
-rw-r--r--www/codeigniter17/files/patch-system__libraries__Upload.php245
2 files changed, 249 insertions, 0 deletions
diff --git a/www/codeigniter17/Makefile b/www/codeigniter17/Makefile
index 2d78d7c1ffee..ecfe309382c7 100644
--- a/www/codeigniter17/Makefile
+++ b/www/codeigniter17/Makefile
@@ -7,6 +7,7 @@
PORTNAME= codeigniter
PORTVERSION= 1.7.2
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= http://codeigniter.com/download_files/ \
LOCAL/glarkin
@@ -148,6 +149,9 @@ confighelp:
@${ECHO_MSG} "http://codeigniter.com/user_guide/installation/index.html"
@${ECHO_MSG} ""
+post-patch:
+ @cd ${WRKSRC} && ${RM} system/libraries/Upload.php.orig
+
do-install:
@cd ${WRKSRC} && ${COPYTREE_SHARE} "${STD_BITS}" ${WWWDIR}
@for i in ${CI_CONF_FILES}; do \
diff --git a/www/codeigniter17/files/patch-system__libraries__Upload.php b/www/codeigniter17/files/patch-system__libraries__Upload.php
new file mode 100644
index 000000000000..25582add045a
--- /dev/null
+++ b/www/codeigniter17/files/patch-system__libraries__Upload.php
@@ -0,0 +1,245 @@
+--- ./system/libraries/Upload.php.orig 2009-04-22 10:15:09.000000000 -0400
++++ ./system/libraries/Upload.php 2010-07-12 09:16:30.000000000 -0400
+@@ -6,7 +6,7 @@
+ *
+ * @package CodeIgniter
+ * @author ExpressionEngine Dev Team
+- * @copyright Copyright (c) 2008 - 2009, EllisLab, Inc.
++ * @copyright Copyright (c) 2008 - 2010, EllisLab, Inc.
+ * @license http://codeigniter.com/user_guide/license.html
+ * @link http://codeigniter.com
+ * @since Version 1.0
+@@ -26,31 +26,33 @@
+ */
+ class CI_Upload {
+
+- var $max_size = 0;
+- var $max_width = 0;
+- var $max_height = 0;
+- var $max_filename = 0;
+- var $allowed_types = "";
+- var $file_temp = "";
+- var $file_name = "";
+- var $orig_name = "";
+- var $file_type = "";
+- var $file_size = "";
+- var $file_ext = "";
+- var $upload_path = "";
+- var $overwrite = FALSE;
+- var $encrypt_name = FALSE;
+- var $is_image = FALSE;
+- var $image_width = '';
+- var $image_height = '';
+- var $image_type = '';
+- var $image_size_str = '';
+- var $error_msg = array();
+- var $mimes = array();
+- var $remove_spaces = TRUE;
+- var $xss_clean = FALSE;
+- var $temp_prefix = "temp_file_";
+-
++ var $max_size = 0;
++ var $max_width = 0;
++ var $max_height = 0;
++ var $max_filename = 0;
++ var $allowed_types = "";
++ var $file_temp = "";
++ var $file_name = "";
++ var $orig_name = "";
++ var $file_type = "";
++ var $file_size = "";
++ var $file_ext = "";
++ var $upload_path = "";
++ var $overwrite = FALSE;
++ var $encrypt_name = FALSE;
++ var $is_image = FALSE;
++ var $image_width = '';
++ var $image_height = '';
++ var $image_type = '';
++ var $image_size_str = '';
++ var $error_msg = array();
++ var $mimes = array();
++ var $remove_spaces = TRUE;
++ var $xss_clean = FALSE;
++ var $temp_prefix = "temp_file_";
++ var $client_name = '';
++
++ var $_file_name_override = '';
+ /**
+ * Constructor
+ *
+@@ -101,7 +103,8 @@
+ 'mimes' => array(),
+ 'remove_spaces' => TRUE,
+ 'xss_clean' => FALSE,
+- 'temp_prefix' => "temp_file_"
++ 'temp_prefix' => "temp_file_",
++ 'client_name' => ''
+ );
+
+
+@@ -124,6 +127,10 @@
+ $this->$key = $val;
+ }
+ }
++
++ // if a file_name was provided in the config, use it instead of the user input
++ // supplied file name for all uploads until initialized again
++ $this->_file_name_override = $this->file_name;
+ }
+
+ // --------------------------------------------------------------------
+@@ -187,17 +194,12 @@
+
+ // Set the uploaded data as class variables
+ $this->file_temp = $_FILES[$field]['tmp_name'];
+- $this->file_name = $this->_prep_filename($_FILES[$field]['name']);
+- $this->file_size = $_FILES[$field]['size'];
++ $this->file_size = $_FILES[$field]['size'];
+ $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
+- $this->file_type = strtolower($this->file_type);
+- $this->file_ext = $this->get_extension($_FILES[$field]['name']);
+-
+- // Convert the file size to kilobytes
+- if ($this->file_size > 0)
+- {
+- $this->file_size = round($this->file_size/1024, 2);
+- }
++ $this->file_type = strtolower(trim(stripslashes($this->file_type), '"'));
++ $this->file_name = $this->_prep_filename($_FILES[$field]['name']);
++ $this->file_ext = $this->get_extension($this->file_name);
++ $this->client_name = $this->file_name;
+
+ // Is the file type allowed to be uploaded?
+ if ( ! $this->is_allowed_filetype())
+@@ -205,6 +207,25 @@
+ $this->set_error('upload_invalid_filetype');
+ return FALSE;
+ }
++
++ // if we're overriding, let's now make sure the new name and type is allowed
++ if ($this->_file_name_override != '')
++ {
++ $this->file_name = $this->_prep_filename($this->_file_name_override);
++ $this->file_ext = $this->get_extension($this->file_name);
++
++ if ( ! $this->is_allowed_filetype(TRUE))
++ {
++ $this->set_error('upload_invalid_filetype');
++ return FALSE;
++ }
++ }
++
++ // Convert the file size to kilobytes
++ if ($this->file_size > 0)
++ {
++ $this->file_size = round($this->file_size/1024, 2);
++ }
+
+ // Is the file size within the allowed maximum?
+ if ( ! $this->is_allowed_filesize())
+@@ -312,6 +333,7 @@
+ 'full_path' => $this->upload_path.$this->file_name,
+ 'raw_name' => str_replace($this->file_ext, '', $this->file_name),
+ 'orig_name' => $this->orig_name,
++ 'client_name' => $this->client_name,
+ 'file_ext' => $this->file_ext,
+ 'file_size' => $this->file_size,
+ 'is_image' => $this->is_image(),
+@@ -549,43 +571,49 @@
+ * @access public
+ * @return bool
+ */
+- function is_allowed_filetype()
++ function is_allowed_filetype($ignore_mime = FALSE)
+ {
+ if (count($this->allowed_types) == 0 OR ! is_array($this->allowed_types))
+ {
+ $this->set_error('upload_no_file_types');
+ return FALSE;
+ }
++
++ $ext = strtolower(ltrim($this->file_ext, '.'));
++
++ if ( ! in_array($ext, $this->allowed_types))
++ {
++ return FALSE;
++ }
+
++ // Images get some additional checks
+ $image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe');
+
+- foreach ($this->allowed_types as $val)
++ if (in_array($ext, $image_types))
+ {
+- $mime = $this->mimes_types(strtolower($val));
+-
+- // Images get some additional checks
+- if (in_array($val, $image_types))
++ if (getimagesize($this->file_temp) === FALSE)
+ {
+- if (getimagesize($this->file_temp) === FALSE)
+- {
+- return FALSE;
+- }
+- }
++ return FALSE;
++ }
++ }
+
+- if (is_array($mime))
+- {
+- if (in_array($this->file_type, $mime, TRUE))
+- {
+- return TRUE;
+- }
+- }
+- else
++ if ($ignore_mime === TRUE)
++ {
++ return TRUE;
++ }
++
++ $mime = $this->mimes_types($ext);
++
++ if (is_array($mime))
++ {
++ if (in_array($this->file_type, $mime, TRUE))
+ {
+- if ($mime == $this->file_type)
+- {
+- return TRUE;
+- }
+- }
++ return TRUE;
++ }
++ }
++ elseif ($mime == $this->file_type)
++ {
++ return TRUE;
+ }
+
+ return FALSE;
+@@ -918,7 +946,7 @@
+
+ foreach ($parts as $part)
+ {
+- if ($this->mimes_types(strtolower($part)) === FALSE)
++ if ( ! in_array(strtolower($part), $this->allowed_types) OR $this->mimes_types(strtolower($part)) === FALSE)
+ {
+ $filename .= '.'.$part.'_';
+ }
+@@ -928,13 +956,6 @@
+ }
+ }
+
+- // file name override, since the exact name is provided, no need to
+- // run it through a $this->mimes check.
+- if ($this->file_name != '')
+- {
+- $filename = $this->file_name;
+- }
+-
+ $filename .= '.'.$ext;
+
+ return $filename;