head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.8 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.6 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.4 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.2 pkgsrc-2011Q2-base:1.2; locks; strict; comment @# @; 1.2 date 2010.08.10.15.37.32; author taca; state dead; branches; next 1.1; 1.1 date 2010.07.28.16.28.51; author taca; state Exp; branches; next ; desc @@ 1.2 log @Update contao29 package to 2.9.1. Contao 2.9.1 is available August 9th, 2010 11:24 by Leo Feyer Contao version 2.9.1 is available. The maintenance release includes an important front end cache fix, a front end preview link fix and various accessibility fixes. It also fixes an XSS vulnerability in one of the framework functions, so an update is highly recommended. @ text @$NetBSD: patch-ab,v 1.1 2010/07/28 16:28:51 taca Exp $ Fix for CSS from repository, r507. --- system/modules/frontend/Frontend.php.orig 2010-04-19 10:22:31.000000000 +0000 +++ system/modules/frontend/Frontend.php @@@@ -166,8 +166,16 @@@@ abstract class Frontend extends Controll protected function addToUrl($strRequest, $blnIgnoreParams=false) { $arrGet = $blnIgnoreParams ? array() : $_GET; + + // Clean the $_GET values (thanks to thyon) + foreach (array_keys($arrGet) as $key) + { + $arrGet[$key] = $this->Input->get($key, true); + } + $arrFragments = preg_split('/&(amp;)?/i', $strRequest); + // Merge the new request string foreach ($arrFragments as $strFragment) { list($key, $value) = explode('=', $strFragment); @ 1.1 log @Add two patches from Contao repository: * Fix possible XSS problem on frontend module. * Fix preview problem when URL rewriting is enabled. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @
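Review bot: The added loop in `addToUrl()` re-reads only the values through `$this->Input->get($key, true)`; the parameter names from `array_keys($arrGet)` are still taken from `$_GET` unchanged, so if the part of the function below this hunk (not shown) writes the keys into the generated URL, request-controlled names remain unfiltered. The meaning of the second argument `true` is not visible here; if it selects the decoded (not entity-encoded) form, as I believe it does in Contao's `Input` class, the URL must still be escaped where it is emitted into HTML. I would keep the input cleaning but also encode both key and value at the point where the query string is assembled, and record the limitation in the comment, e.g. `// Filter $_GET values through Input to keep request data out of generated links (XSS); keys are NOT filtered here`. A regression test that calls `addToUrl()` with markup in both a parameter name and a value would pin the behaviour.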