head 1.2;
access;
symbols
pkgsrc-2024Q1:1.1.0.16
pkgsrc-2024Q1-base:1.1
pkgsrc-2023Q4:1.1.0.14
pkgsrc-2023Q4-base:1.1
pkgsrc-2023Q3:1.1.0.12
pkgsrc-2023Q3-base:1.1
pkgsrc-2023Q2:1.1.0.10
pkgsrc-2023Q2-base:1.1
pkgsrc-2023Q1:1.1.0.8
pkgsrc-2023Q1-base:1.1
pkgsrc-2022Q4:1.1.0.6
pkgsrc-2022Q4-base:1.1
pkgsrc-2022Q3:1.1.0.4
pkgsrc-2022Q3-base:1.1
pkgsrc-2022Q2:1.1.0.2
pkgsrc-2022Q2-base:1.1;
locks; strict;
comment @# @;
1.2
date 2024.05.08.21.32.20; author khorben; state dead;
branches;
next 1.1;
commitid s6avpFPjuIYP2f9F;
1.1
date 2022.04.16.03.11.28; author khorben; state Exp;
branches
1.1.16.1;
next ;
commitid YnlKa1hpkiM6anAD;
1.1.16.1
date 2024.06.07.13.52.43; author bsiegert; state dead;
branches;
next ;
commitid NKAXcmd6MwCPy3dF;
desc
@@
1.2
log
@phpldapadmin: update to version 1.2.6.7
This fixes an XSS vulnerability when importing using a file upload without a
valid LDIF.
Tested on NetBSD/amd64, Darwin/amd64.
@
text
@$NetBSD: patch-lib_Visitor.php,v 1.1 2022/04/16 03:11:28 khorben Exp $
--- lib/Visitor.php.orig 2012-10-01 06:54:14.000000000 +0000
+++ lib/Visitor.php
@@@@ -22,6 +22,15 @@@@ abstract class Visitor {
protected $server_id;
public function __call($method,$args) {
+ # This mapping array allows to map effective class names to
+ # function name suffixes.
+ # It has been introduced when class Attribute has been renamed
+ # to PLAAttribute to avoid a name clash with the built-in
+ # class of PHP 8.
+ # Entering a class name mapping here allows to rename the
+ # class without having to rename the methods too.
+ static $classmap = array('PLAAttribute' => 'Attribute');
+
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
debug_log('Entered (%%)',129,0,__FILE__,__LINE__,__METHOD__,$fargs);
@@@@ -33,19 +42,14 @@@@ abstract class Visitor {
$fnct = array_shift($args);
$object = $args[0];
- $class = get_class($object);
-
- $call = "$method$fnct$class";
-
- array_push($methods,$call);
- while ($class && ! method_exists($this,$call)) {
+ for ($class = get_class($object); $class; $class = get_parent_class($class)) {
+ $call = isset($classmap[$class])? "$method$fnct$classmap[$class]": "$method$fnct$class";
+ array_push($methods,$call);
+ if (method_exists($this,$call))
+ break;
if (defined('DEBUGTMP') && DEBUGTMP)
printf('Class (%s): Method doesnt exist (%s,%s)
',$class,get_class($this),$call);
-
- $class = get_parent_class($class);
- $call = "$method$fnct$class";
- array_push($methods,$call);
}
if (defined('DEBUGTMP') && DEBUGTMP)
@
1.1
log
@phpldapadmin: package version 1.2.6.3
This changes the upstream to leenooks/phpLDAPadmin on GitHub.
This also includes a patch from Debian at
https://packages.debian.org/source/sid/phpldapadmin
(phpldapadmin_1.2.6.3-0.2.debian.tar.xz) in order to support newer
versions of PHP. This package had become unusable with the version
of PHP shipped by pkgsrc by default (7.4 as of today).
Tested on NetBSD/amd64, Darwin/amd64.
@
text
@d1 1
a1 1
$NetBSD$
@
1.1.16.1
log
@Pullup ticket #6857 - requested by taca
databases/phpldapadmin: security fix
Revisions pulled up:
- databases/phpldapadmin/Makefile 1.48
- databases/phpldapadmin/distinfo 1.21
- databases/phpldapadmin/patches/patch-htdocs_collapse.php deleted
- databases/phpldapadmin/patches/patch-htdocs_draw__tree__node.php deleted
- databases/phpldapadmin/patches/patch-htdocs_expand.php deleted
- databases/phpldapadmin/patches/patch-htdocs_refresh.php deleted
- databases/phpldapadmin/patches/patch-lib_Attribute.php deleted
- databases/phpldapadmin/patches/patch-lib_AttributeFactory.php deleted
- databases/phpldapadmin/patches/patch-lib_BinaryAttribute.php deleted
- databases/phpldapadmin/patches/patch-lib_DateAttribute.php deleted
- databases/phpldapadmin/patches/patch-lib_DnAttribute.php deleted
- databases/phpldapadmin/patches/patch-lib_GidAttribute.php deleted
- databases/phpldapadmin/patches/patch-lib_MultiLineAttribute.php deleted
- databases/phpldapadmin/patches/patch-lib_ObjectClassAttribute.php deleted
- databases/phpldapadmin/patches/patch-lib_PLAAttribute.php 1.2
- databases/phpldapadmin/patches/patch-lib_PageRender.php deleted
- databases/phpldapadmin/patches/patch-lib_PasswordAttribute.php deleted
- databases/phpldapadmin/patches/patch-lib_SelectionAttribute.php deleted
- databases/phpldapadmin/patches/patch-lib_ShadowAttribute.php deleted
- databases/phpldapadmin/patches/patch-lib_TemplateRender.php 1.3
- databases/phpldapadmin/patches/patch-lib_Tree.php deleted
- databases/phpldapadmin/patches/patch-lib_Visitor.php deleted
- databases/phpldapadmin/patches/patch-lib_common.php deleted
- databases/phpldapadmin/patches/patch-lib_ds__ldap.php deleted
- databases/phpldapadmin/patches/patch-lib_ds__ldap__pla.php deleted
- databases/phpldapadmin/patches/patch-lib_functions.php deleted
- databases/phpldapadmin/patches/patch-lib_page.php 1.1
- databases/phpldapadmin/patches/patch-lib_schema__functions.php 1.1
- databases/phpldapadmin/patches/patch-lib_xmlTemplates.php 1.2
---
Module Name: pkgsrc
Committed By: khorben
Date: Wed May 8 21:32:20 UTC 2024
Modified Files:
pkgsrc/databases/phpldapadmin: Makefile distinfo
pkgsrc/databases/phpldapadmin/patches: patch-lib_PLAAttribute.php
patch-lib_xmlTemplates.php
Added Files:
pkgsrc/databases/phpldapadmin/patches: patch-lib_TemplateRender.php
patch-lib_page.php patch-lib_schema__functions.php
Removed Files:
pkgsrc/databases/phpldapadmin/patches: patch-htdocs_collapse.php
patch-htdocs_draw__tree__node.php patch-htdocs_expand.php
patch-htdocs_refresh.php patch-lib_Attribute.php
patch-lib_AttributeFactory.php patch-lib_BinaryAttribute.php
patch-lib_DateAttribute.php patch-lib_DnAttribute.php
patch-lib_GidAttribute.php patch-lib_MultiLineAttribute.php
patch-lib_ObjectClassAttribute.php patch-lib_PageRender.php
patch-lib_PasswordAttribute.php patch-lib_SelectionAttribute.php
patch-lib_ShadowAttribute.php patch-lib_Tree.php
patch-lib_Visitor.php patch-lib_common.php patch-lib_ds__ldap.php
patch-lib_ds__ldap__pla.php patch-lib_functions.php
Log Message:
phpldapadmin: update to version 1.2.6.7
This fixes an XSS vulnerability when importing using a file upload without a
valid LDIF.
Tested on NetBSD/amd64, Darwin/amd64.
@
text
@d1 1
a1 1
$NetBSD: patch-lib_Visitor.php,v 1.1 2022/04/16 03:11:28 khorben Exp $
@