author | delphij <delphij@FreeBSD.org> | 2010-01-19 01:39:55 +0800 |
committer | delphij <delphij@FreeBSD.org> | 2010-01-19 01:39:55 +0800 |
commit | bb92e30056c8b6d9ec059da2896f5c06a4e9956f (patch) | |
tree | aa4739dcb1e79aa2b528d58c68caeb800098a7aa /www/dokuwiki | |
parent | 167cdd58d4ad795535c2a9fe4eb6053a68d27c0e (diff) | |
Update to 20091225c. This version fixes a CSRF vulnerability in the ACL
manager.
Security: http://bugs.splitbrain.org/index.php?do=details&task_id=1853
Diffstat (limited to 'www/dokuwiki')
-rw-r--r-- | www/dokuwiki/Makefile | 2 | ||||
-rw-r--r-- | www/dokuwiki/files/patch-20091225b | 39 | ||||
-rw-r--r-- | www/dokuwiki/files/patch-20091225c | 116 |
3 files changed, 117 insertions, 40 deletions
diff --git a/www/dokuwiki/Makefile b/www/dokuwiki/Makefile
index 80caece35efe..d432c3feb7e6 100644
--- a/www/dokuwiki/Makefile
+++ b/www/dokuwiki/Makefile
@@ -7,7 +7,7 @@
 PORTNAME= dokuwiki
 PORTVERSION= ${DIST_VER:S/${PORTNAME}//:S/-//g}
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= www
 MASTER_SITES= http://www.splitbrain.org/_media/projects/dokuwiki/ \
 LOCAL/chinsan/${PORTNAME}
diff --git a/www/dokuwiki/files/patch-20091225b b/www/dokuwiki/files/patch-20091225b
deleted file mode 100644
index 0c31c2ec4f10..000000000000
--- a/www/dokuwiki/files/patch-20091225b
+++ /dev/null
@@ -1,39 +0,0 @@
-diff -u -r -N VERSION VERSION
---- VERSION 2009-12-25 02:14:45.000000000 -0800
-+++ VERSION 2010-01-13 09:21:13.000000000 -0800
-@@ -1 +1 @@
--2009-12-25 "Lemming"
-+2009-12-25b "Lemming"
-diff -u -r -N conf/msg conf/msg
---- conf/msg 2009-12-25 02:14:41.000000000 -0800
-+++ conf/msg 2010-01-13 08:25:37.000000000 -0800
-@@ -1,4 +1,4 @@
--23
-+24
- The first line of this file contains a number, indicating
- which notification messages should not be displayed. This
- is the only information sent to dokuwiki.org when the
-diff -u -r -N lib/plugins/acl/ajax.php lib/plugins/acl/ajax.php
---- lib/plugins/acl/ajax.php 2009-12-25 02:14:41.000000000 -0800
-+++ lib/plugins/acl/ajax.php 2010-01-13 08:25:37.000000000 -0800
-@@ -16,9 +16,11 @@
- require_once(DOKU_INC.'inc/common.php');
- require_once(DOKU_INC.'inc/pageutils.php');
- require_once(DOKU_INC.'inc/auth.php');
--//close sesseion
-+//close session
- session_write_close();
- 
-+if(!auth_isadmin()) die('forbidden');
-+
- $ID = getID();
- 
- if(!auth_isadmin) die('for admins only');
-@@ -42,6 +44,7 @@
- if($ns == '*'){
- $ns ='';
- }
-+ $ns = cleanID($ns);
- $lvl = count(explode(':',$ns));
- $ns = utf8_encodeFN(str_replace(':','/',$ns));
- 
diff --git a/www/dokuwiki/files/patch-20091225c b/www/dokuwiki/files/patch-20091225c
new file mode 100644
index 000000000000..2b364de2684b
--- /dev/null
+++ b/www/dokuwiki/files/patch-20091225c
@@ -0,0 +1,116 @@
+diff -ur VERSION VERSION
+--- VERSION 2009-12-25 02:14:45.000000000 -0800
++++ VERSION 2010-01-17 02:36:47.000000000 -0800
+@@ -1 +1 @@
+-2009-12-25 "Lemming"
++2009-12-25c "Lemming"
+diff -ur conf/msg conf/msg
+--- conf/msg 2009-12-25 02:14:41.000000000 -0800
++++ conf/msg 2010-01-17 02:35:46.000000000 -0800
+@@ -1,4 +1,4 @@
+-23
++25
+ The first line of this file contains a number, indicating
+ which notification messages should not be displayed. This
+ is the only information sent to dokuwiki.org when the
+diff -ur lib/plugins/acl/admin.php lib/plugins/acl/admin.php
+--- lib/plugins/acl/admin.php 2009-12-25 02:14:41.000000000 -0800
++++ lib/plugins/acl/admin.php 2010-01-17 02:35:46.000000000 -0800
+@@ -31,7 +31,7 @@
+ return array(
+ 'author' => 'Andreas Gohr',
+ 'email' => 'andi@splitbrain.org',
+- 'date' => '2009-08-07',
++ 'date' => '2010-01-17',
+ 'name' => 'ACL Manager',
+ 'desc' => 'Manage Page Access Control Lists',
+ 'url' => 'http://dokuwiki.org/plugin:acl',
+@@ -67,6 +67,7 @@
+ // fresh 1:1 copy without replacements
+ $AUTH_ACL = file(DOKU_CONF.'acl.auth.php');
+ 
++
+ // namespace given?
+ if($_REQUEST['ns'] == '*'){
+ $this->ns = '*';
+@@ -89,7 +90,8 @@
+ }
+ 
+ // handle modifications
+- if(isset($_REQUEST['cmd'])){
++ if(isset($_REQUEST['cmd']) && checkSecurityToken()){
++
+ // scope for modifications
+ if($this->ns){
+ if($this->ns == '*'){
+@@ -310,6 +312,7 @@
+ echo '<input type="hidden" name="id" value="'.hsc($ID).'" />'.NL;
+ echo '<input type="hidden" name="do" value="admin" />'.NL;
+ echo '<input type="hidden" name="page" value="acl" />'.NL;
++ echo '<input type="hidden" name="sectok" value="'.getSecurityToken().'" />'.NL;
+ echo '</div></form>'.NL;
+ }
+ 
+@@ -480,11 +483,11 @@
+ $alt = '+';
+ }
+ $ret .= '<img src="'.$img.'" alt="'.$alt.'" />';
+- $ret .= '<a href="'.wl('',$this->_get_opts(array('ns'=>$item['id']))).'" class="idx_dir'.$cl.'">';
++ $ret .= '<a href="'.wl('',$this->_get_opts(array('ns'=>$item['id'],'sectok'=>getSecurityToken()))).'" class="idx_dir'.$cl.'">';
+ $ret .= $base;
+ $ret .= '</a>';
+ }else{
+- $ret .= '<a href="'.wl('',$this->_get_opts(array('id'=>$item['id'],'ns'=>''))).'" class="wikilink1'.$cl.'">';
++ $ret .= '<a href="'.wl('',$this->_get_opts(array('id'=>$item['id'],'ns'=>'','sectok'=>getSecurityToken()))).'" class="wikilink1'.$cl.'">';
+ $ret .= noNS($item['id']);
+ $ret .= '</a>';
+ }
+@@ -562,6 +565,7 @@
+ echo '<input type="hidden" name="acl_w" value="'.hsc($this->who).'" />'.NL;
+ echo '<input type="hidden" name="do" value="admin" />'.NL;
+ echo '<input type="hidden" name="page" value="acl" />'.NL;
++ echo '<input type="hidden" name="sectok" value="'.getSecurityToken().'" />'.NL;
+ echo '<table class="inline">';
+ echo '<tr>';
+ echo '<th>'.$this->getLang('where').'</th>';
+diff -ur lib/plugins/acl/ajax.php lib/plugins/acl/ajax.php
+--- lib/plugins/acl/ajax.php 2009-12-25 02:14:41.000000000 -0800
++++ lib/plugins/acl/ajax.php 2010-01-17 02:35:46.000000000 -0800
+@@ -16,12 +16,14 @@
+ require_once(DOKU_INC.'inc/common.php');
+ require_once(DOKU_INC.'inc/pageutils.php');
+ require_once(DOKU_INC.'inc/auth.php');
+-//close sesseion
++//close session
+ session_write_close();
+ 
++if(!auth_isadmin()) die('for admins only');
++if(!checkSecurityToken()) die('CRSF Attack');
++
+ $ID = getID();
+ 
+-if(!auth_isadmin) die('for admins only');
+ require_once(DOKU_INC.'inc/pluginutils.php');
+ require_once(DOKU_INC.'inc/html.php');
+ $acl = plugin_load('admin','acl');
+@@ -42,6 +44,7 @@
+ if($ns == '*'){
+ $ns ='';
+ }
++ $ns = cleanID($ns);
+ $lvl = count(explode(':',$ns));
+ $ns = utf8_encodeFN(str_replace(':','/',$ns));
+ 
+diff -ur lib/plugins/acl/script.js lib/plugins/acl/script.js
+--- lib/plugins/acl/script.js 2009-12-25 02:14:41.000000000 -0800
++++ lib/plugins/acl/script.js 2010-01-17 02:35:46.000000000 -0800
+@@ -48,7 +48,8 @@
+ data[1] = ajax.encVar('id',frm.elements['id'].value);
+ data[2] = ajax.encVar('acl_t',frm.elements['acl_t'].value);
+ data[3] = ajax.encVar('acl_w',frm.elements['acl_w'].value);
+- data[4] = ajax.encVar('ajax','info');
++ data[4] = ajax.encVar('sectok',frm.elements['sectok'].value);
++ data[5] = ajax.encVar('ajax','info');
+ 
+ ajax.elementObj = $('acl__info');
+ 
|
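Review bot: The two `<a href>` lines in the `@@ -480,11 +483,11 @@` hunk of admin.php embed the CSRF token in GET URLs via `'sectok'=>getSecurityToken()`, so the token lands in browser history, server and proxy access logs, and the Referer header of whatever the admin opens next, which weakens the protection the rest of this patch adds. The form-driven paths already carry it in a hidden `sectok` field that script.js reads from `frm.elements['sectok']`; the tree links presumably only need it so the tree loader (not in this hunk) can pass the new `checkSecurityToken()` gate that now runs before every request in ajax.php, and if so that JS should read the token from the form too, keeping `_get_opts(array('ns'=>$item['id']))` as before. Separately, `die('CRSF Attack')` in ajax.php misspells the acronym; use `die('CSRF attack')`. The function containing those link lines starts and ends outside the hunk.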