head 1.1; access; symbols pkgsrc-2013Q2:1.1.0.10 pkgsrc-2013Q2-base:1.1 pkgsrc-2012Q4:1.1.0.8 pkgsrc-2012Q4-base:1.1 pkgsrc-2011Q4:1.1.0.6 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q2:1.1.0.4 pkgsrc-2011Q2-base:1.1 pkgsrc-2010Q2:1.1.0.2; locks; strict; comment @# @; 1.1 date 2010.08.12.10.12.51; author tron; state dead; branches 1.1.2.1; next ; 1.1.2.1 date 2010.08.12.10.12.51; author tron; state Exp; branches; next ; desc @@ 1.1 log @file patch-ab was initially added on branch pkgsrc-2010Q2. @ text @@ 1.1.2.1 log @Pullup ticket #3204 - requested by taca www/typolight27: security patch Revisions pulled up: - www/typolight27/Makefile patch - www/typolight27/distinfo patch - www/typolight27/patches/patch-ab new file --- Apply patch to fix XSS vulnerability. @ text @a0 23 $NetBSD$ Fix for CSS from repository, r507. --- system/modules/frontend/Frontend.php.orig 2009-04-30 18:32:53.000000000 +0000 +++ system/modules/frontend/Frontend.php @@@@ -165,8 +165,16 @@@@ abstract class Frontend extends Controll protected function addToUrl($strRequest) { $arrGet = $_GET; + + // Clean the $_GET values (thanks to thyon) + foreach (array_keys($arrGet) as $key) + { + $arrGet[$key] = $this->Input->get($key, true); + } + $arrFragments = preg_split('/&(amp;)?/i', $strRequest); + // Merge the new request string foreach ($arrFragments as $strFragment) { $arrParams = explode('=', $strFragment); @
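Review bot: The added loop sanitises only the values of `$_GET`; the parameter names taken verbatim from `array_keys($arrGet)` and the name/value pairs split out of `$strRequest` on the hunk's last line (`$arrParams = explode('=', $strFragment);`) are still used unfiltered, so if the rest of addToUrl — which continues past this hunk — rebuilds the URL from those keys and fragments, an attacker-controlled parameter name or a request string carrying user input can still reach the page unescaped. A comment at the end of the loop would at least make that boundary explicit, e.g. `// NOTE: only $_GET values are cleaned here; keys and $strRequest fragments must be escaped where the URL is emitted`. The meaning of the bare `true` passed to `$this->Input->get($key, true)` is not visible here; if it requests entity-decoded values, the cleaned strings again contain raw `<`/`&` characters and must be URL-encoded when the link is assembled, which is worth stating in a one-line comment on that call. Separately, the patch header's `Fix for CSS` should read `Fix for XSS`, matching the pullup log.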