head 1.2; access; symbols pkgsrc-2024Q1:1.1.0.16 pkgsrc-2024Q1-base:1.1 pkgsrc-2023Q4:1.1.0.14 pkgsrc-2023Q4-base:1.1 pkgsrc-2023Q3:1.1.0.12 pkgsrc-2023Q3-base:1.1 pkgsrc-2023Q2:1.1.0.10 pkgsrc-2023Q2-base:1.1 pkgsrc-2023Q1:1.1.0.8 pkgsrc-2023Q1-base:1.1 pkgsrc-2022Q4:1.1.0.6 pkgsrc-2022Q4-base:1.1 pkgsrc-2022Q3:1.1.0.4 pkgsrc-2022Q3-base:1.1 pkgsrc-2022Q2:1.1.0.2 pkgsrc-2022Q2-base:1.1; locks; strict; comment @# @; 1.2 date 2024.05.08.21.32.19; author khorben; state dead; branches; next 1.1; commitid s6avpFPjuIYP2f9F; 1.1 date 2022.04.16.03.11.28; author khorben; state Exp; branches 1.1.16.1; next ; commitid YnlKa1hpkiM6anAD; 1.1.16.1 date 2024.06.07.13.52.43; author bsiegert; state dead; branches; next ; commitid NKAXcmd6MwCPy3dF; desc @@ 1.2 log @phpldapadmin: update to version 1.2.6.7 This fixes an XSS vulnerability when importing using a file upload without a valid LDIF. Tested on NetBSD/amd64, Darwin/amd64. @ text @$NetBSD: patch-htdocs_expand.php,v 1.1 2022/04/16 03:11:28 khorben Exp $ --- htdocs/expand.php.orig 2012-10-01 06:54:14.000000000 +0000 +++ htdocs/expand.php @@@@ -19,7 +19,7 @@@@ $dn = get_request('dn','GET',true); $tree = get_cached_item($app['server']->getIndex(),'tree'); $entry = $tree->getEntry($dn); $entry->open(); -set_cached_item($app['server']->getIndex(),'tree','null',$tree); +set_cached_item($app['server']->getIndex(),$tree,'tree','null'); header(sprintf('Location:index.php?server_id=%s&junk=%s#%s%s', $app['server']->getIndex(),random_junk(),htmlid($app['server']->getIndex(),$dn),app_session_param())); @ 1.1 log @phpldapadmin: package version 1.2.6.3 This changes the upstream to leenooks/phpLDAPadmin on GitHub. This also includes a patch from Debian at https://packages.debian.org/source/sid/phpldapadmin (phpldapadmin_1.2.6.3-0.2.debian.tar.xz) in order to support newer versions of PHP. This package had become unusable with the version of PHP shipped by pkgsrc by default (7.4 as of today). Tested on NetBSD/amd64, Darwin/amd64. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.16.1 log @Pullup ticket #6857 - requested by taca databases/phpldapadmin: security fix Revisions pulled up: - databases/phpldapadmin/Makefile 1.48 - databases/phpldapadmin/distinfo 1.21 - databases/phpldapadmin/patches/patch-htdocs_collapse.php deleted - databases/phpldapadmin/patches/patch-htdocs_draw__tree__node.php deleted - databases/phpldapadmin/patches/patch-htdocs_expand.php deleted - databases/phpldapadmin/patches/patch-htdocs_refresh.php deleted - databases/phpldapadmin/patches/patch-lib_Attribute.php deleted - databases/phpldapadmin/patches/patch-lib_AttributeFactory.php deleted - databases/phpldapadmin/patches/patch-lib_BinaryAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_DateAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_DnAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_GidAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_MultiLineAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_ObjectClassAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_PLAAttribute.php 1.2 - databases/phpldapadmin/patches/patch-lib_PageRender.php deleted - databases/phpldapadmin/patches/patch-lib_PasswordAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_SelectionAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_ShadowAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_TemplateRender.php 1.3 - databases/phpldapadmin/patches/patch-lib_Tree.php deleted - databases/phpldapadmin/patches/patch-lib_Visitor.php deleted - databases/phpldapadmin/patches/patch-lib_common.php deleted - databases/phpldapadmin/patches/patch-lib_ds__ldap.php deleted - databases/phpldapadmin/patches/patch-lib_ds__ldap__pla.php deleted - databases/phpldapadmin/patches/patch-lib_functions.php deleted - databases/phpldapadmin/patches/patch-lib_page.php 1.1 - databases/phpldapadmin/patches/patch-lib_schema__functions.php 1.1 - databases/phpldapadmin/patches/patch-lib_xmlTemplates.php 1.2 --- Module Name: pkgsrc Committed By: khorben Date: Wed May 8 21:32:20 UTC 2024 Modified Files: pkgsrc/databases/phpldapadmin: Makefile distinfo pkgsrc/databases/phpldapadmin/patches: patch-lib_PLAAttribute.php patch-lib_xmlTemplates.php Added Files: pkgsrc/databases/phpldapadmin/patches: patch-lib_TemplateRender.php patch-lib_page.php patch-lib_schema__functions.php Removed Files: pkgsrc/databases/phpldapadmin/patches: patch-htdocs_collapse.php patch-htdocs_draw__tree__node.php patch-htdocs_expand.php patch-htdocs_refresh.php patch-lib_Attribute.php patch-lib_AttributeFactory.php patch-lib_BinaryAttribute.php patch-lib_DateAttribute.php patch-lib_DnAttribute.php patch-lib_GidAttribute.php patch-lib_MultiLineAttribute.php patch-lib_ObjectClassAttribute.php patch-lib_PageRender.php patch-lib_PasswordAttribute.php patch-lib_SelectionAttribute.php patch-lib_ShadowAttribute.php patch-lib_Tree.php patch-lib_Visitor.php patch-lib_common.php patch-lib_ds__ldap.php patch-lib_ds__ldap__pla.php patch-lib_functions.php Log Message: phpldapadmin: update to version 1.2.6.7 This fixes an XSS vulnerability when importing using a file upload without a valid LDIF. Tested on NetBSD/amd64, Darwin/amd64. @ text @d1 1 a1 1 $NetBSD: patch-htdocs_expand.php,v 1.1 2022/04/16 03:11:28 khorben Exp $ @