authorpav <pav@FreeBSD.org>2004-03-27 23:07:16 +0800
committerpav <pav@FreeBSD.org>2004-03-27 23:07:16 +0800
commit833baa556130c6ad4e5c40c0da635c9d5d4494e6 (patch)
tree0002debce7560ec0356a6c12167d122ecb60537d /www/phpbb
parent14021badf205c2520f73b8b4face4655ce60731a (diff)
- Plug another SQL injection vulnerability
Exploit posted at: http://www.securityfocus.com/archive/1/358708 Patch obtained from: http://www.securityfocus.com/archive/1/358751 PR: ports/64803 Submitted by: Kang Liu <liukang@bjpu.edu.cn> (maintainer)
Diffstat (limited to 'www/phpbb')
-rw-r--r--www/phpbb/Makefile2
-rw-r--r--www/phpbb/files/patch-privmsg.php21
2 files changed, 23 insertions, 0 deletions
diff --git a/www/phpbb/Makefile b/www/phpbb/Makefile
index 264d427b1825..6c3ae5896e9d 100644
--- a/www/phpbb/Makefile
+++ b/www/phpbb/Makefile
@@ -7,6 +7,7 @@
PORTNAME= phpbb
PORTVERSION= 2.0.8
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
@@ -60,6 +61,7 @@ pre-everything::
post-patch:
@ ${REINPLACE_CMD} -e "s#\.\./templates#/${PHPBBURL}/templates#" \
${WRKSRC}/docs/*.html
+ @ ${RM} ${WRKSRC}/*.orig
post-configure:
@ ${SED} \
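Review bot: The added `${RM} ${WRKSRC}/*.orig` in post-patch only matches backups directly under ${WRKSRC}, so a later patch against a file in a subdirectory would still leave its `.orig` copy behind. For a PHP application that is presumably copied into a web-served directory, such leftovers would expose the unpatched source as plain text. Consider `@ ${FIND} ${WRKSRC} -name '*.orig' -delete`, with a comment above it such as `# drop patch(1) backups so they are not installed under the web root`. The install step that would pick these files up is outside the hunk, so this should be confirmed against the rest of the Makefile.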
diff --git a/www/phpbb/files/patch-privmsg.php b/www/phpbb/files/patch-privmsg.php
new file mode 100644
index 000000000000..ae3bd897de5f
--- /dev/null
+++ b/www/phpbb/files/patch-privmsg.php
@@ -0,0 +1,21 @@
+--- privmsg.php 2004-03-18 19:51:32.000000000 +0000
++++ privmsg.1.php 2004-03-26 19:51:07.000000000 +0000
+@@ -212,7 +212,17 @@
+ break;
+ case 'savebox':
+ $l_box_name = $lang['Savebox'];
+- $pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
++
++ //
++ // For some obscure reason, the assignment
++ // concatenation operator was coded below, which
++ // allowed an attacker to append arbitrary SQL code
++ // to the end of the $pm_sql_user variable.
++ // This is fixed below.
++ //
++ // -shaun2k2
++ //
++ $pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
+ AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
+ OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . "
+ AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " )
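Review bot: `$pm_sql_user` is still never initialised in the visible lines; the 'savebox' branch is safe now only because it assigns with `=`, and any other branch of this switch that still uses `.=` would presumably keep the same weakness. The other cases start outside the hunk and should be checked, or the variable should be set once before the switch with `$pm_sql_user = '';`. As defence in depth, the two `$userdata['user_id']` operands could be wrapped as `intval($userdata['user_id'])` before they are concatenated into the query.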