head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.2 pkgsrc-2013Q2-base:1.2 pkgsrc-2013Q1:1.1.0.4 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.2; locks; strict; comment @# @; 1.2 date 2013.04.02.16.00.10; author taca; state dead; branches; next 1.1; 1.1 date 2013.01.21.12.43.23; author taca; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2013.01.21.12.43.23; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2013.01.23.20.18.31; author tron; state Exp; branches; next ; desc @@ 1.2 log @Update phpldapadmin to 1.2.3. * There was a mistake in patches/patch-lib_functions.php, dropping "ssha" password type. 2012-10-01 Release 1.2.3 master RELEASE-1.2.3 2012-10-01 Update template to show multiselect values 2012-09-06 Language update from launchpad for 1.2.3 (also see #30) 2012-09-05 SF Bug #3531956 - Search / Show Attributes must be lowercase 2012-09-05 SF Bug #3518548 - Missing attributes on some custom forms 2012-09-05 SF Bug #3513210 - Export to VCARD only exports the last entry in the list 2012-09-05 SF Bug #3510648 - Cannot copy between servers 2012-09-05 SF Bug #3510114 - Unable to check passwords when samba hashes are in lowercase 2012-09-05 SF Bug #3452416 - templates non-functional 2012-09-05 SF Bug #3427748 - value id is ignored in select attribute 2012-09-04 SF Bug #3448530 - Treat krbExtraData and krbPrincipalKe as binary 2012-09-02 SF Bug #3497660 - XSS flaws via 'export', 'add_value_form' and 'dn' variables 2012-09-02 SF Bug #3426575 - clicking 'logout' does not unset _SESSION['ACTIVITY'] 2012-09-01 SF Feature #3555472 - User-friendly items in entry chooser window. 2012-09-01 SF Feature #3509651 - Add support for SHA512 with OpenLDAP 2012-08-29 SF Patch #3469148 - Display mass edit actions as buttons 2012-01-24 SF Bug #3477910 - XSS vulnerability in query @ text @$NetBSD: patch-htdocs_add__value__form.php,v 1.1 2013/01/21 12:43:23 taca Exp $ * Fix XSS for CVE-2012-1114/CVE-2012-1115 from repository, 74434e5ca3fb66018fad60766f833f15689fcbfc. 
--- htdocs/add_value_form.php.orig 2011-10-27 02:07:09.000000000 +0000 +++ htdocs/add_value_form.php @@@@ -34,7 +34,7 @@@@ if ($request['attribute']->isReadOnly()) # Render the form if (! strcasecmp($request['attr'],'objectclass') || get_request('meth','REQUEST') != 'ajax') { # Render the form. - $request['page']->drawTitle(sprintf('%s %s %s %s',_('Add new'),$request['attr'],_('value to'),get_rdn($request['dn']))); + $request['page']->drawTitle(sprintf(_('Add new %s value to %s'), htmlspecialchars($request['attr']),htmlspecialchars(get_rdn($request['dn'])))); $request['page']->drawSubTitle(); if (! strcasecmp($request['attr'],'objectclass')) { @ 1.1 log @Add some patches from development repository. * Add fix for CVE-2012-1114/CVE-2012-1115 from repository. * Unset $_SESSION['ACTIVITY'] on logout from repository. * Fix XSS in query from repository. * Add support for SHA512 with OpenLDAP from repository. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-htdocs_add__value__form.php was added on branch pkgsrc-2012Q4 on 2013-01-23 20:18:31 +0000 @ text @d1 16 @ 1.1.2.2 log @Pullup ticket #4033 - requested by taca pkgsrc/databases/phpldapadmin: security patch Revisions pulled up: - databases/phpldapadmin/Makefile 1.34 - databases/phpldapadmin/distinfo 1.12-1.13 - databases/phpldapadmin/patches/patch-htdocs_add__value__form.php 1.1 - databases/phpldapadmin/patches/patch-htdocs_export.php 1.1 - databases/phpldapadmin/patches/patch-htdocs_logout.php 1.1 - databases/phpldapadmin/patches/patch-lib_QueryRender.php 1.1-1.2 - databases/phpldapadmin/patches/patch-lib_export__functions.php 1.1 - databases/phpldapadmin/patches/patch-lib_functions.php 1.1 --- Module Name: pkgsrc Committed By: taca Date: Mon Jan 21 12:43:23 UTC 2013 Modified Files: pkgsrc/databases/phpldapadmin: Makefile distinfo Added Files: pkgsrc/databases/phpldapadmin/patches: patch-htdocs_add__value__form.php patch-htdocs_export.php patch-htdocs_logout.php patch-lib_QueryRender.php 
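Review bot: Both `htmlspecialchars()` calls added on the `drawTitle()` line rely on the function's default flags and charset, so the escaping depends on the PHP version: before PHP 8.1 the default is `ENT_COMPAT`, which leaves single quotes unescaped, and before PHP 5.4 the default charset is ISO-8859-1 rather than UTF-8. Passing them explicitly, `htmlspecialchars($request['attr'], ENT_QUOTES, 'UTF-8')` and `htmlspecialchars(get_rdn($request['dn']), ENT_QUOTES, 'UTF-8')`, keeps the encoding fixed wherever `drawTitle()` places the string. The `if` block opened in the hunk's context continues past the hunk, so any later output of `$request['attr']` or `$request['dn']` in the form body is not visible here and should be checked for the same escaping. The same hunk is repeated in the 1.1.2.2 revision text further down, and this note applies there too.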
patch-lib_export__functions.php patch-lib_functions.php Log Message: Add some patches from development repository. * Add fix for CVE-2012-1114/CVE-2012-1115 from repository. * Unset $_SESSION['ACTIVITY'] on logout from repository. * Fix XSS in query from repository. * Add support for SHA512 with OpenLDAP from repository. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: obache Date: Tue Jan 22 11:49:33 UTC 2013 Modified Files: pkgsrc/databases/phpldapadmin: distinfo pkgsrc/databases/phpldapadmin/patches: patch-lib_QueryRender.php Log Message: Note CVE-2012-0834 @ text @a0 16 $NetBSD$ * Fix XSS for CVE-2012-1114/CVE-2012-1115 from repository, 74434e5ca3fb66018fad60766f833f15689fcbfc. --- htdocs/add_value_form.php.orig 2011-10-27 02:07:09.000000000 +0000 +++ htdocs/add_value_form.php @@@@ -34,7 +34,7 @@@@ if ($request['attribute']->isReadOnly()) # Render the form if (! strcasecmp($request['attr'],'objectclass') || get_request('meth','REQUEST') != 'ajax') { # Render the form. - $request['page']->drawTitle(sprintf('%s %s %s %s',_('Add new'),$request['attr'],_('value to'),get_rdn($request['dn']))); + $request['page']->drawTitle(sprintf(_('Add new %s value to %s'), htmlspecialchars($request['attr']),htmlspecialchars(get_rdn($request['dn'])))); $request['page']->drawSubTitle(); if (! strcasecmp($request['attr'],'objectclass')) { @