author | shaun <shaun@FreeBSD.org> | 2007-07-31 17:44:45 +0800 |
---|---|---|
committer | shaun <shaun@FreeBSD.org> | 2007-07-31 17:44:45 +0800 |
commit | fabc2909ce778d2940f2bd7cc904ce34a3a39eda (patch) | |
tree | 42ff8017d93eceefde951fe499be3e0270726217 /www/phpSysInfo | |
parent | 4795ea6f2d4d2e822cfb81c64659b1ed11cee2f1 (diff) | |
Fix XSS vulnerability.
Reported by: miwi
Security: 88260dfe-3d21-11dc-b3d3-0016179b2dd
Diffstat (limited to 'www/phpSysInfo')
-rw-r--r-- | www/phpSysInfo/Makefile | 1 | ||||
-rw-r--r-- | www/phpSysInfo/files/patch-xss-fix.diff | 11 |
2 files changed, 12 insertions, 0 deletions
diff --git a/www/phpSysInfo/Makefile b/www/phpSysInfo/Makefile
index 34cc9f4297da..309c5cc3d87e 100644
--- a/www/phpSysInfo/Makefile
+++ b/www/phpSysInfo/Makefile
@@ -6,6 +6,7 @@
 PORTNAME= phpSysInfo
 PORTVERSION= 2.5.3
+PORTREVISION= 1
 CATEGORIES= www
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR= ${PORTNAME:L}
diff --git a/www/phpSysInfo/files/patch-xss-fix.diff b/www/phpSysInfo/files/patch-xss-fix.diff
new file mode 100644
index 000000000000..4f525c29253b
--- /dev/null
+++ b/www/phpSysInfo/files/patch-xss-fix.diff
@@ -0,0 +1,11 @@
+--- includes/system_footer.php.orig Tue Jul 31 10:35:50 2007
++++ includes/system_footer.php Tue Jul 31 10:35:52 2007
+@@ -29,7 +29,7 @@
+
+ if( ! $hide_picklist ) {
+ echo "<center>\n";
+- $update_form = "<form method=\"POST\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n" . "\t" . $text['template'] . ": \n" . "\t<select name=\"template\">\n";
++ $update_form = "<form method=\"POST\" action=\"" . htmlentities(strip_tags($_SERVER['PHP_SELF'])) . "\">\n" . "\t" . $text['template'] . ": \n" . "\t<select name=\"template\">\n";
+
+ $resDir = opendir( APP_ROOT . '/templates/' );
+ while( false !== ( $strFile = readdir( $resDir ) ) ) { |
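Review bot: The replacement line in includes/system_footer.php still derives the form action from `$_SERVER['PHP_SELF']`, which includes the request-supplied path suffix, and wraps it in `strip_tags()` before `htmlentities()`; the strip adds no protection once the value is entity-encoded and can silently alter a legitimate path. I would write the action as `htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES)`, so the attribute no longer carries request-controlled path text and stays safely quoted even if the attribute delimiter changes later. The patch covers only this one form; whether other templates or includes echo `PHP_SELF` is not visible here and should be checked before the advisory is considered closed for this port. The enclosing `if( ! $hide_picklist )` block continues past the end of the hunk.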