author | pav <pav@FreeBSD.org> | 2004-03-27 23:07:16 +0800 |
---|---|---|
committer | pav <pav@FreeBSD.org> | 2004-03-27 23:07:16 +0800 |
commit | 833baa556130c6ad4e5c40c0da635c9d5d4494e6 (patch) | |
tree | 0002debce7560ec0356a6c12167d122ecb60537d /www/phpbb | |
parent | 14021badf205c2520f73b8b4face4655ce60731a (diff) | |
- Plug another SQL injection vulnerability
Exploit posted at: http://www.securityfocus.com/archive/1/358708
Patch obtained from: http://www.securityfocus.com/archive/1/358751
PR: ports/64803
Submitted by: Kang Liu <liukang@bjpu.edu.cn> (maintainer)
Diffstat (limited to 'www/phpbb')
-rw-r--r-- | www/phpbb/Makefile | 2 | ||||
-rw-r--r-- | www/phpbb/files/patch-privmsg.php | 21 |
2 files changed, 23 insertions, 0 deletions
diff --git a/www/phpbb/Makefile b/www/phpbb/Makefile
index 264d427b1825..6c3ae5896e9d 100644
--- a/www/phpbb/Makefile
+++ b/www/phpbb/Makefile
@@ -7,6 +7,7 @@
 PORTNAME= phpbb
 PORTVERSION= 2.0.8
+PORTREVISION= 1
 CATEGORIES= www
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR= ${PORTNAME}
@@ -60,6 +61,7 @@ pre-everything::
 post-patch:
 @ ${REINPLACE_CMD} -e "s#\.\./templates#/${PHPBBURL}/templates#" \
 ${WRKSRC}/docs/*.html
+ @ ${RM} ${WRKSRC}/*.orig
 post-configure:
 @ ${SED} \
diff --git a/www/phpbb/files/patch-privmsg.php b/www/phpbb/files/patch-privmsg.php
new file mode 100644
index 000000000000..ae3bd897de5f
--- /dev/null
+++ b/www/phpbb/files/patch-privmsg.php
@@ -0,0 +1,21 @@
+--- privmsg.php 2004-03-18 19:51:32.000000000 +0000
++++ privmsg.1.php 2004-03-26 19:51:07.000000000 +0000
+@@ -212,7 +212,17 @@
+ break;
+ case 'savebox':
+ $l_box_name = $lang['Savebox'];
+- $pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
++
++ //
++ // For some obscure reason, the assignment
++ // concatenation operator was coded below, which
++ // allowed an attacker to append arbitrary SQL code
++ // to the end of the $pm_sql_user variable.
++ // This is fixed below.
++ //
++ // -shaun2k2
++ //
++ $pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
+ AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
+ OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . "
+ AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) |
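Review bot: In `post-patch` of www/phpbb/Makefile, `${RM} ${WRKSRC}/*.orig` only matches backup files at the top level of `${WRKSRC}`, so a later patch against a file in a subdirectory would still leave its `.orig` copy behind, presumably to be installed under the web root with the rest of the tree. `@ ${FIND} ${WRKSRC} -name '*.orig' -delete` would cover the whole tree. A one-line comment such as `# drop patch(1) backups so pre-fix sources are not installed` would also record why the line exists.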
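Review bot: In the `savebox` case carried by files/patch-privmsg.php, the fix holds only because this one branch now overwrites `$pm_sql_user`; the switch begins outside the hunk, so it is not visible whether the variable has a known value before the switch or whether the other cases assign rather than append. Setting it once ahead of the switch, `$pm_sql_user = '';`, would keep a later `.=` or a newly added case from bringing the same bug back. The inner patch header names `privmsg.1.php` on its `+++` line; using `privmsg.php` on both sides would avoid relying on patch(1) picking the existing file. The SQL string opened on the changed line is closed outside the hunk.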