diff options
| -rw-r--r-- | www/phpbb/Makefile | 2 | ||||
| -rw-r--r-- | www/phpbb/files/patch-privmsg.php | 21 |
2 files changed, 23 insertions, 0 deletions
diff --git a/www/phpbb/Makefile b/www/phpbb/Makefile index 264d427b1825..6c3ae5896e9d 100644 --- a/www/phpbb/Makefile +++ b/www/phpbb/Makefile @@ -7,6 +7,7 @@ PORTNAME= phpbb PORTVERSION= 2.0.8 +PORTREVISION= 1 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} @@ -60,6 +61,7 @@ pre-everything:: post-patch: @ ${REINPLACE_CMD} -e "s#\.\./templates#/${PHPBBURL}/templates#" \ ${WRKSRC}/docs/*.html + @ ${RM} ${WRKSRC}/*.orig post-configure: @ ${SED} \ diff --git a/www/phpbb/files/patch-privmsg.php b/www/phpbb/files/patch-privmsg.php new file mode 100644 index 000000000000..ae3bd897de5f --- /dev/null +++ b/www/phpbb/files/patch-privmsg.php @@ -0,0 +1,21 @@ +--- privmsg.php 2004-03-18 19:51:32.000000000 +0000 ++++ privmsg.1.php 2004-03-26 19:51:07.000000000 +0000 +@@ -212,7 +212,17 @@ + break; + case 'savebox': + $l_box_name = $lang['Savebox']; +- $pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . " ++ ++ // ++ // For some obscure reason, the assignment ++ // concatenation operator was coded below, which ++ // allowed an attacker to append arbitrary SQL code ++ // to the end of the $pm_sql_user variable. ++ // This is fixed below. ++ // ++ // -shaun2k2 ++ // ++ $pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . " + AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) + OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . " + AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) |