head 1.3; access; symbols pkgsrc-2024Q1:1.2.0.16 pkgsrc-2024Q1-base:1.2 pkgsrc-2023Q4:1.2.0.14 pkgsrc-2023Q4-base:1.2 pkgsrc-2023Q3:1.2.0.12 pkgsrc-2023Q3-base:1.2 pkgsrc-2023Q2:1.2.0.10 pkgsrc-2023Q2-base:1.2 pkgsrc-2023Q1:1.2.0.8 pkgsrc-2023Q1-base:1.2 pkgsrc-2022Q4:1.2.0.6 pkgsrc-2022Q4-base:1.2 pkgsrc-2022Q3:1.2.0.4 pkgsrc-2022Q3-base:1.2 pkgsrc-2022Q2:1.2.0.2 pkgsrc-2022Q2-base:1.2 pkgsrc-2022Q1:1.1.0.10 pkgsrc-2022Q1-base:1.1 pkgsrc-2021Q4:1.1.0.8 pkgsrc-2021Q4-base:1.1 pkgsrc-2021Q3:1.1.0.6 pkgsrc-2021Q3-base:1.1 pkgsrc-2021Q2:1.1.0.4 pkgsrc-2021Q2-base:1.1 pkgsrc-2021Q1:1.1.0.2 pkgsrc-2021Q1-base:1.1; locks; strict; comment @# @; 1.3 date 2024.05.08.21.32.19; author khorben; state dead; branches; next 1.2; commitid s6avpFPjuIYP2f9F; 1.2 date 2022.04.16.03.11.28; author khorben; state Exp; branches 1.2.16.1; next 1.1; commitid YnlKa1hpkiM6anAD; 1.1 date 2021.02.21.22.22.22; author khorben; state Exp; branches; next ; commitid llap5vf1ixRV0DIC; 1.2.16.1 date 2024.06.07.13.52.43; author bsiegert; state dead; branches; next ; commitid NKAXcmd6MwCPy3dF; desc @@ 1.3 log @phpldapadmin: update to version 1.2.6.7 This fixes an XSS vulnerability when importing using a file upload without a valid LDIF. Tested on NetBSD/amd64, Darwin/amd64. @ text @$NetBSD: patch-lib_PageRender.php,v 1.2 2022/04/16 03:11:28 khorben Exp $ Fix for PHP >= 5.5 --- lib/PageRender.php.orig 2022-04-15 22:45:43.000000000 +0000 +++ lib/PageRender.php @@@@ -827,7 +827,7 @@@@ class PageRender extends Visitor { if (! $attribute->getOldValue($i)) return; - draw_jpeg_photo($this->getServer(),$this->template->getDN(),$attribute->getName(),$i,false,false); + draw_jpeg_photo($this->getServer(),$this->template->getDN(),$i,$attribute->getName(),false,false); } /** @@@@ -844,16 +844,16 @@@@ class PageRender extends Visitor { # If the attribute is modified, the new value needs to be stored in a session variable for the draw_jpeg_photo callback. 
if ($attribute->hasBeenModified()) { $_SESSION['tmp'][$attribute->getName()][$i] = $attribute->getValue($i); - draw_jpeg_photo(null,$this->template->getDN(),$attribute->getName(),$i,false,false); + draw_jpeg_photo(null,$this->template->getDN(),$i,$attribute->getName(),false,false); } else - draw_jpeg_photo($this->getServer(),$this->template->getDN(),$attribute->getName(),$i,false,false); + draw_jpeg_photo($this->getServer(),$this->template->getDN(),$i,$attribute->getName(),false,false); } protected function drawFormReadOnlyValueJpegAttribute($attribute,$i) { $this->draw('HiddenValue',$attribute,$i); $_SESSION['tmp'][$attribute->getName()][$i] = $attribute->getValue($i); - draw_jpeg_photo(null,$this->template->getDN(),$attribute->getName(),$i,false,false); + draw_jpeg_photo(null,$this->template->getDN(),$i,$attribute->getName(),false,false); } protected function drawFormReadOnlyValueMultiLineAttribute($attribute,$i) { @ 1.2 log @phpldapadmin: package version 1.2.6.3 This changes the upstream to leenooks/phpLDAPadmin on GitHub. This also includes a patch from Debian at https://packages.debian.org/source/sid/phpldapadmin (phpldapadmin_1.2.6.3-0.2.debian.tar.xz) in order to support newer versions of PHP. This package had become unusable with the version of PHP shipped by pkgsrc by default (7.4 as of today). Tested on NetBSD/amd64, Darwin/amd64. 
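Review bot: The patch header still reads `Fix for PHP >= 5.5`, but the changed lines in this revision only swap the third and fourth positional arguments of `draw_jpeg_photo()`, once in the -827 hunk and three times in the -844 hunk. The arguments are untyped and positional, so if the function's definition is not reordered in the same update nothing fails loudly; the attribute name is simply taken as the index and the other way round. The definition is not part of this patch and presumably changes in a companion patch (the log on this page lists patch-lib_functions.php), so these call sites and that patch must be added or dropped together. I would replace the header with something like `draw_jpeg_photo(): pass $i before the attribute name, matching the reordered signature`. The enclosing methods start and end outside the hunks.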
@ text @d1 1 a1 1 $NetBSD: patch-lib_PageRender.php,v 1.1 2021/02/21 22:22:22 khorben Exp $ @ 1.2.16.1 log @Pullup ticket #6857 - requested by taca databases/phpldapadmin: security fix Revisions pulled up: - databases/phpldapadmin/Makefile 1.48 - databases/phpldapadmin/distinfo 1.21 - databases/phpldapadmin/patches/patch-htdocs_collapse.php deleted - databases/phpldapadmin/patches/patch-htdocs_draw__tree__node.php deleted - databases/phpldapadmin/patches/patch-htdocs_expand.php deleted - databases/phpldapadmin/patches/patch-htdocs_refresh.php deleted - databases/phpldapadmin/patches/patch-lib_Attribute.php deleted - databases/phpldapadmin/patches/patch-lib_AttributeFactory.php deleted - databases/phpldapadmin/patches/patch-lib_BinaryAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_DateAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_DnAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_GidAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_MultiLineAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_ObjectClassAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_PLAAttribute.php 1.2 - databases/phpldapadmin/patches/patch-lib_PageRender.php deleted - databases/phpldapadmin/patches/patch-lib_PasswordAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_SelectionAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_ShadowAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_TemplateRender.php 1.3 - databases/phpldapadmin/patches/patch-lib_Tree.php deleted - databases/phpldapadmin/patches/patch-lib_Visitor.php deleted - databases/phpldapadmin/patches/patch-lib_common.php deleted - databases/phpldapadmin/patches/patch-lib_ds__ldap.php deleted - databases/phpldapadmin/patches/patch-lib_ds__ldap__pla.php deleted - databases/phpldapadmin/patches/patch-lib_functions.php deleted - databases/phpldapadmin/patches/patch-lib_page.php 1.1 - 
databases/phpldapadmin/patches/patch-lib_schema__functions.php 1.1 - databases/phpldapadmin/patches/patch-lib_xmlTemplates.php 1.2 --- Module Name: pkgsrc Committed By: khorben Date: Wed May 8 21:32:20 UTC 2024 Modified Files: pkgsrc/databases/phpldapadmin: Makefile distinfo pkgsrc/databases/phpldapadmin/patches: patch-lib_PLAAttribute.php patch-lib_xmlTemplates.php Added Files: pkgsrc/databases/phpldapadmin/patches: patch-lib_TemplateRender.php patch-lib_page.php patch-lib_schema__functions.php Removed Files: pkgsrc/databases/phpldapadmin/patches: patch-htdocs_collapse.php patch-htdocs_draw__tree__node.php patch-htdocs_expand.php patch-htdocs_refresh.php patch-lib_Attribute.php patch-lib_AttributeFactory.php patch-lib_BinaryAttribute.php patch-lib_DateAttribute.php patch-lib_DnAttribute.php patch-lib_GidAttribute.php patch-lib_MultiLineAttribute.php patch-lib_ObjectClassAttribute.php patch-lib_PageRender.php patch-lib_PasswordAttribute.php patch-lib_SelectionAttribute.php patch-lib_ShadowAttribute.php patch-lib_Tree.php patch-lib_Visitor.php patch-lib_common.php patch-lib_ds__ldap.php patch-lib_ds__ldap__pla.php patch-lib_functions.php Log Message: phpldapadmin: update to version 1.2.6.7 This fixes an XSS vulnerability when importing using a file upload without a valid LDIF. Tested on NetBSD/amd64, Darwin/amd64. @ text @d1 1 a1 1 $NetBSD: patch-lib_PageRender.php,v 1.2 2022/04/16 03:11:28 khorben Exp $ @ 1.1 log @phpldapadmin: import fixes for PHP > 5.5, 7.2, 7.3 With help from the patches available at https://packages.debian.org/source/sid/phpldapadmin. 
@ text @d1 1 a1 1 $NetBSD$ d5 1 a5 1 --- lib/PageRender.php.orig 2012-10-01 06:54:14.000000000 +0000 d7 27 a33 26 @@@@ -287,7 +287,7 @@@@ class PageRender extends Visitor { break; default: - $vals[$i] = password_hash($passwordvalue,$enc); + $vals[$i] = pla_password_hash($passwordvalue,$enc); } $vals = array_unique($vals); @@@@ -957,7 +957,7 @@@@ class PageRender extends Visitor { if (trim($val)) $enc_type = get_enc_type($val); else - $enc_type = $server->getValue('appearance','password_hash'); + $enc_type = $server->getValue('appearance','pla_password_hash'); $obfuscate_password = obfuscate_password_display($enc_type); @@@@ -982,7 +982,7 @@@@ class PageRender extends Visitor { if (trim($val)) $enc_type = get_enc_type($val); else - $enc_type = $server->getValue('appearance','password_hash'); + $enc_type = $server->getValue('appearance','pla_password_hash'); echo '
'; d35 1 @
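Review bot: In the -957 and -982 hunks the rename reaches the configuration key passed to `$server->getValue('appearance', ...)`, not only the function call changed in the -287 hunk. Renaming the function avoids a clash with PHP's built-in `password_hash()`, but changing the key string means a value an administrator stored under `'password_hash'` is no longer read unless the defaults and the site's configuration are renamed as well, which this patch does not show. Since this key selects the default password encoding, a silent fallback is worth ruling out before shipping. If the key rename is intended, the patch comment should say so, e.g. `appearance/password_hash becomes appearance/pla_password_hash; existing configurations must be updated`. The enclosing methods start and end outside these hunks.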