head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.4 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.2 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.1.0.2; locks; strict; comment @# @; 1.2 date 2012.03.22.14.56.20; author taca; state dead; branches; next 1.1; 1.1 date 2012.03.13.03.16.30; author taca; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2012.03.13.03.16.30; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2012.03.14.17.42.33; author tron; state Exp; branches; next ; desc @@ 1.2 log @Remove contao29. Please switch to contao211 (or contao210). @ text @$NetBSD: patch-system_initialize.php,v 1.1 2012/03/13 03:16:30 taca Exp $ * More strict check against POST.
--- system/initialize.php.orig 2011-03-04 14:13:25.000000000 +0000
+++ system/initialize.php
@@@@ -157,7 +157,7 @@@@ else
 /**
 * Check referer address if there are $_POST variables
 */
-if ($_POST && !$GLOBALS['TL_CONFIG']['disableRefererCheck'])
+if ($_SERVER['REQUEST_METHOD'] == 'POST' && !$GLOBALS['TL_CONFIG']['disableRefererCheck'])
 {
 $self = parse_url($objEnvironment->url);
 $referer = parse_url($objEnvironment->httpReferer);
@ 1.1 log @Add a little experimental fix to prevent CSRF. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-system_initialize.php was added on branch pkgsrc-2011Q4 on 2012-03-14 17:42:33 +0000 @ text @d1 15 @ 1.1.2.2 log @Pullup ticket #3703 - requested by taca www/contao29: security patch Revisions pulled up: - www/contao29/Makefile 1.20 - www/contao29/distinfo 1.12 - www/contao29/patches/patch-system_initialize.php 1.1 --- Module Name: pkgsrc Committed By: taca Date: Tue Mar 13 03:16:30 UTC 2012 Modified Files: pkgsrc/www/contao29: Makefile distinfo Added Files: pkgsrc/www/contao29/patches: patch-system_initialize.php Log Message: Add a little experimental fix to prevent CSRF. Bump PKGREVISION. @ text @a0 15 $NetBSD$ * More strict check against POST.
--- system/initialize.php.orig 2011-03-04 14:13:25.000000000 +0000
+++ system/initialize.php
@@@@ -157,7 +157,7 @@@@ else
 /**
 * Check referer address if there are $_POST variables
 */
-if ($_POST && !$GLOBALS['TL_CONFIG']['disableRefererCheck'])
+if ($_SERVER['REQUEST_METHOD'] == 'POST' && !$GLOBALS['TL_CONFIG']['disableRefererCheck'])
 {
 $self = parse_url($objEnvironment->url);
 $referer = parse_url($objEnvironment->httpReferer);
@
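Review bot: The `+if` line still relies on a Referer comparison as the only CSRF defence and now keys on the request method alone, so any state-changing handler reachable through GET or another non-POST method is not covered, and the whole check is skipped whenever `disableRefererCheck` is set; whether such handlers exist is not visible from this hunk. Switching from `$_POST` to `$_SERVER['REQUEST_METHOD']` does bring in POST requests whose body PHP leaves out of `$_POST`, but the comment above the condition still says "if there are $_POST variables" and should be updated, for example to `* Check referer address on every POST request (even when $_POST is empty)`. I would also make the comparison strict: `if ($_SERVER['REQUEST_METHOD'] === 'POST' && !$GLOBALS['TL_CONFIG']['disableRefererCheck'])`. The body of the `if` continues outside the hunk, so how an absent or unparsable Referer is handled cannot be judged here. The identical hunk stored in the revision 1.2 text earlier in this file carries the same points.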