head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.10 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.8 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.6 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.4 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.2 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q1:1.1.0.10 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.8 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.6 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.4 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.2; locks; strict; comment @# @; 1.2 date 2009.05.21.14.34.36; author tonnerre; state dead; branches; next 1.1; 1.1 date 2008.07.25.00.53.58; author tonnerre; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2008.07.25.00.53.58; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2008.07.25.09.53.56; author tron; state Exp; branches; next ; desc @@ 1.2 log @Remove package sqlitemanager which is unmaintained upstream, full of security problems and has spent its last half year in eol-packages. @ text @$NetBSD: patch-ak,v 1.1 2008/07/25 00:53:58 tonnerre Exp $ --- include/defined.inc.php.orig 2006-04-18 13:25:53.000000000 +0200 +++ include/defined.inc.php @@@@ -45,7 +45,7 @@@@ $availableTheme = array("default", "gree $dbItems = array('Table', 'View', 'Trigger', 'Function'); if(isset($_POST['Theme'])) { - $localTheme = $_POST['Theme']; + $localtheme = $_POST['Theme']; setcookie('SQLiteManager_currentTheme',$_POST['Theme'],1719241200,'/'); $_COOKIE['SQLiteManager_currentTheme'] = $_POST['Theme']; echo ""; @@@@ -55,6 +55,8 @@@@ if(isset($_POST['Theme'])) { $localtheme = 'green'; } +if (preg_match("/[:\/]/", $localtheme)) die("Theme must be a directory name"); + // set cookie for FullText if(isset($_GET['fullText'])) { $allFullText = $_GET['fullText']; @ 1.1 log @Fix two SQLitemanager vulnerabilities (arbitrary remote file inclusion and directory traversal), CVE-2007-1232 an CVE-2008-0516. Update to 1.2.0 in order to make this possible at all. Also remove manu as maintainer as he suggested in mail. 
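Review bot: The guard added in the second hunk (`@@ -55,6 +55,8 @@`) rejects only `:` and `/`, so a theme value of `..` (no slash, so the pattern does not match) or a name containing `\` still passes and reaches whatever path `$localtheme` is later joined into — that use is outside the hunk, so how far it can be abused cannot be judged from here. The context line above the first hunk already declares `$availableTheme = array("default", "gree…`, so, assuming themes are limited to that list, an allow-list check is both stricter and simpler: `if (!in_array($localtheme, $availableTheme, true)) die("Theme must be a directory name");`. The first hunk's `setcookie(...)` and `$_COOKIE[...]` assignments also run before the new check, so a rejected value is still persisted client-side; validating `$_POST['Theme']` before the cookie write would avoid re-processing it on every later request. The same patch text is repeated verbatim in the 1.1.2.2 branch revision further down and shares these points.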
@ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ak was added on branch pkgsrc-2008Q2 on 2008-07-25 09:53:56 +0000 @ text @d1 22 @ 1.1.2.2 log @Pullup ticket #2461 - requested by tonnerre Revisions pulled up: databases/sqlitemanager/Makefile 1.8 databases/sqlitemanager/PLIST 1.3 databases/sqlitemanager/distinfo 1.3 databases/sqlitemanager/patches/patch-aa 1.1 databases/sqlitemanager/patches/patch-ab 1.1 databases/sqlitemanager/patches/patch-ac 1.1 databases/sqlitemanager/patches/patch-ad 1.1 databases/sqlitemanager/patches/patch-ae 1.1 databases/sqlitemanager/patches/patch-af 1.1 databases/sqlitemanager/patches/patch-ag 1.1 databases/sqlitemanager/patches/patch-ah 1.1 databases/sqlitemanager/patches/patch-ai 1.1 databases/sqlitemanager/patches/patch-aj 1.1 databases/sqlitemanager/patches/patch-ak 1.1 --- Module Name: pkgsrc Committed By: tonnerre Date: Fri Jul 25 00:53:58 UTC 2008 Modified Files: pkgsrc/databases/sqlitemanager: Makefile PLIST distinfo Added Files: pkgsrc/databases/sqlitemanager/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah patch-ai patch-aj patch-ak Log Message: Fix two SQLitemanager vulnerabilities (arbitrary remote file inclusion and directory traversal), CVE-2007-1232 an CVE-2008-0516. Update to 1.2.0 in order to make this possible at all. Also remove manu as maintainer as he suggested in mail. 
@ text @a0 22 $NetBSD: patch-ak,v 1.1 2008/07/25 00:53:58 tonnerre Exp $ --- include/defined.inc.php.orig 2006-04-18 13:25:53.000000000 +0200 +++ include/defined.inc.php @@@@ -45,7 +45,7 @@@@ $availableTheme = array("default", "gree $dbItems = array('Table', 'View', 'Trigger', 'Function'); if(isset($_POST['Theme'])) { - $localTheme = $_POST['Theme']; + $localtheme = $_POST['Theme']; setcookie('SQLiteManager_currentTheme',$_POST['Theme'],1719241200,'/'); $_COOKIE['SQLiteManager_currentTheme'] = $_POST['Theme']; echo ""; @@@@ -55,6 +55,8 @@@@ if(isset($_POST['Theme'])) { $localtheme = 'green'; } +if (preg_match("/[:\/]/", $localtheme)) die("Theme must be a directory name"); + // set cookie for FullText if(isset($_GET['fullText'])) { $allFullText = $_GET['fullText']; @