head 1.3; access; symbols pkgsrc-2024Q1:1.2.0.16 pkgsrc-2024Q1-base:1.2 pkgsrc-2023Q4:1.2.0.14 pkgsrc-2023Q4-base:1.2 pkgsrc-2023Q3:1.2.0.12 pkgsrc-2023Q3-base:1.2 pkgsrc-2023Q2:1.2.0.10 pkgsrc-2023Q2-base:1.2 pkgsrc-2023Q1:1.2.0.8 pkgsrc-2023Q1-base:1.2 pkgsrc-2022Q4:1.2.0.6 pkgsrc-2022Q4-base:1.2 pkgsrc-2022Q3:1.2.0.4 pkgsrc-2022Q3-base:1.2 pkgsrc-2022Q2:1.2.0.2 pkgsrc-2022Q2-base:1.2 pkgsrc-2022Q1:1.1.0.52 pkgsrc-2022Q1-base:1.1 pkgsrc-2021Q4:1.1.0.50 pkgsrc-2021Q4-base:1.1 pkgsrc-2021Q3:1.1.0.48 pkgsrc-2021Q3-base:1.1 pkgsrc-2021Q2:1.1.0.46 pkgsrc-2021Q2-base:1.1 pkgsrc-2021Q1:1.1.0.44 pkgsrc-2021Q1-base:1.1 pkgsrc-2020Q4:1.1.0.42 pkgsrc-2020Q4-base:1.1 pkgsrc-2020Q3:1.1.0.40 pkgsrc-2020Q3-base:1.1 pkgsrc-2020Q2:1.1.0.36 pkgsrc-2020Q2-base:1.1 pkgsrc-2020Q1:1.1.0.16 pkgsrc-2020Q1-base:1.1 pkgsrc-2019Q4:1.1.0.38 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.34 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.32 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.30 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.28 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.26 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.24 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.22 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.20 pkgsrc-2017Q4-base:1.1 pkgsrc-2017Q3:1.1.0.18 pkgsrc-2017Q3-base:1.1 pkgsrc-2017Q2:1.1.0.14 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.12 pkgsrc-2017Q1-base:1.1 pkgsrc-2016Q4:1.1.0.10 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.8 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.6 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.4 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.2 pkgsrc-2015Q4-base:1.1; locks; strict; comment @# @; 1.3 date 2024.05.08.21.32.20; author khorben; state dead; branches; next 1.2; commitid s6avpFPjuIYP2f9F; 1.2 date 2022.04.16.03.11.28; author khorben; state Exp; branches 1.2.16.1; next 1.1; commitid YnlKa1hpkiM6anAD; 1.1 date 2015.11.29.11.25.53; author taca; state Exp; branches; next ; commitid 1Y74ed3ULhW5OYKy; 1.2.16.1 date 2024.06.07.13.52.43; author bsiegert; state dead; 
branches; next ; commitid NKAXcmd6MwCPy3dF; desc @@ 1.3 log @phpldapadmin: update to version 1.2.6.7 This fixes an XSS vulnerability when importing using a file upload without a valid LDIF. Tested on NetBSD/amd64, Darwin/amd64. @ text @$NetBSD: patch-lib_ds__ldap.php,v 1.2 2022/04/16 03:11:28 khorben Exp $ Fix for PHP 5.5 and later: https://bugzilla.redhat.com/show_bug.cgi?id=974928
--- lib/ds_ldap.php.orig 2022-04-15 22:45:43.000000000 +0000
+++ lib/ds_ldap.php
@@@@ -1768,7 +1768,7 @@@@ class ldap extends DS {
 ksort($return);
 # cache the schema to prevent multiple schema fetches from LDAP server
- set_cached_item($this->index,'schema','objectclasses',$return);
+ set_cached_item($this->index,$return,'schema','objectclasses');
 }
 if (DEBUG_ENABLED)
@@@@ -1953,7 +1953,7 @@@@ class ldap extends DS {
 $return = $attrs;
 # cache the schema to prevent multiple schema fetches from LDAP server
- set_cached_item($this->index,'schema','attributes',$return);
+ set_cached_item($this->index,$return,'schema','attributes');
 }
 if (DEBUG_ENABLED)
@@@@ -2029,7 +2029,7 @@@@ class ldap extends DS {
 $return = $rules;
 # cache the schema to prevent multiple schema fetches from LDAP server
- set_cached_item($this->index,'schema','matchingrules',$return);
+ set_cached_item($this->index,$return,'schema','matchingrules');
 }
 if (DEBUG_ENABLED)
@@@@ -2078,7 +2078,7 @@@@ class ldap extends DS {
 ksort($return);
 # cache the schema to prevent multiple schema fetches from LDAP server
- set_cached_item($this->index,'schema','syntaxes',$return);
+ set_cached_item($this->index,$return,'schema','syntaxes');
 }
 if (DEBUG_ENABLED) @ 1.2 log @phpldapadmin: package version 1.2.6.3 This changes the upstream to leenooks/phpLDAPadmin on GitHub. This also includes a patch from Debian at https://packages.debian.org/source/sid/phpldapadmin (phpldapadmin_1.2.6.3-0.2.debian.tar.xz) in order to support newer versions of PHP. 
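Review bot: The patch header still reads `Fix for PHP 5.5 and later` and links the Red Hat bug, which per the 1.1 log was the basis for the `preg_replace` change, yet none of the four hunks here touches `preg_replace`; they only move `$return` to the second argument of `set_cached_item()`. The header should describe the current content, for example `Pass the cached value as the second argument of set_cached_item() (from the Debian patch, for newer PHP)`. These calls are only correct if the definition of `set_cached_item()` is reordered in the same package revision, presumably by patch-lib_functions.php, which this page does not show; naming that dependency in the header would keep the two patches from drifting apart. The point applies equally to the objectclasses, attributes, matchingrules and syntaxes hunks, and the enclosing methods start and end outside each hunk.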
This package had become unusable with the version of PHP shipped by pkgsrc by default (7.4 as of today). Tested on NetBSD/amd64, Darwin/amd64. @ text @d1 1 a1 1 $NetBSD: patch-lib_ds__ldap.php,v 1.1 2015/11/29 11:25:53 taca Exp $ @ 1.2.16.1 log @Pullup ticket #6857 - requested by taca databases/phpldapadmin: security fix Revisions pulled up: - databases/phpldapadmin/Makefile 1.48 - databases/phpldapadmin/distinfo 1.21 - databases/phpldapadmin/patches/patch-htdocs_collapse.php deleted - databases/phpldapadmin/patches/patch-htdocs_draw__tree__node.php deleted - databases/phpldapadmin/patches/patch-htdocs_expand.php deleted - databases/phpldapadmin/patches/patch-htdocs_refresh.php deleted - databases/phpldapadmin/patches/patch-lib_Attribute.php deleted - databases/phpldapadmin/patches/patch-lib_AttributeFactory.php deleted - databases/phpldapadmin/patches/patch-lib_BinaryAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_DateAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_DnAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_GidAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_MultiLineAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_ObjectClassAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_PLAAttribute.php 1.2 - databases/phpldapadmin/patches/patch-lib_PageRender.php deleted - databases/phpldapadmin/patches/patch-lib_PasswordAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_SelectionAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_ShadowAttribute.php deleted - databases/phpldapadmin/patches/patch-lib_TemplateRender.php 1.3 - databases/phpldapadmin/patches/patch-lib_Tree.php deleted - databases/phpldapadmin/patches/patch-lib_Visitor.php deleted - databases/phpldapadmin/patches/patch-lib_common.php deleted - databases/phpldapadmin/patches/patch-lib_ds__ldap.php deleted - databases/phpldapadmin/patches/patch-lib_ds__ldap__pla.php deleted - 
databases/phpldapadmin/patches/patch-lib_functions.php deleted - databases/phpldapadmin/patches/patch-lib_page.php 1.1 - databases/phpldapadmin/patches/patch-lib_schema__functions.php 1.1 - databases/phpldapadmin/patches/patch-lib_xmlTemplates.php 1.2 --- Module Name: pkgsrc Committed By: khorben Date: Wed May 8 21:32:20 UTC 2024 Modified Files: pkgsrc/databases/phpldapadmin: Makefile distinfo pkgsrc/databases/phpldapadmin/patches: patch-lib_PLAAttribute.php patch-lib_xmlTemplates.php Added Files: pkgsrc/databases/phpldapadmin/patches: patch-lib_TemplateRender.php patch-lib_page.php patch-lib_schema__functions.php Removed Files: pkgsrc/databases/phpldapadmin/patches: patch-htdocs_collapse.php patch-htdocs_draw__tree__node.php patch-htdocs_expand.php patch-htdocs_refresh.php patch-lib_Attribute.php patch-lib_AttributeFactory.php patch-lib_BinaryAttribute.php patch-lib_DateAttribute.php patch-lib_DnAttribute.php patch-lib_GidAttribute.php patch-lib_MultiLineAttribute.php patch-lib_ObjectClassAttribute.php patch-lib_PageRender.php patch-lib_PasswordAttribute.php patch-lib_SelectionAttribute.php patch-lib_ShadowAttribute.php patch-lib_Tree.php patch-lib_Visitor.php patch-lib_common.php patch-lib_ds__ldap.php patch-lib_ds__ldap__pla.php patch-lib_functions.php Log Message: phpldapadmin: update to version 1.2.6.7 This fixes an XSS vulnerability when importing using a file upload without a valid LDIF. Tested on NetBSD/amd64, Darwin/amd64. @ text @d1 1 a1 1 $NetBSD: patch-lib_ds__ldap.php,v 1.2 2022/04/16 03:11:28 khorben Exp $ @ 1.1 log @Allow work on PHP 5.5/5.6. Patch is based on patch on https://bugzilla.redhat.com/show_bug.cgi?id=974928. 
@ text @d1 1 a1 1 $NetBSD$ d6 1 a6 1 --- lib/ds_ldap.php.orig 2012-10-01 06:54:14.000000000 +0000 d8 2 a9 15 @@@@ -1117,12 +1117,14 @@@@ class ldap extends DS { if (is_array($dn)) { $a = array(); foreach ($dn as $key => $rdn) - $a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn); + $a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', + function ($matches) { return chr(hexdec($matches[1])); }, $rdn); return $a; } else - return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn); + return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', + function ($matches) { return chr(hexdec($matches[1])); }, $dn); } d11 33 a43 1 public function getRootDSE($method=null) { @
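Review bot: The same closure is written out twice on the new side, once in the array branch and once in the scalar branch, so a later change to the decoding can land in only one of them. Assigning it once, `$unhex = function ($matches) { return chr(hexdec($matches[1])); };`, and passing `$unhex` to both `preg_replace_callback` calls keeps the two paths identical. A comment such as `# decode \XX hex escapes; callback form replaces the /e modifier, which evaluated the replacement string as PHP code` would record why the callback form is used. The enclosing function's signature is outside the hunk, and this page shows the hunk only as an RCS delta against revision 1.2, so its line layout is inferred.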