head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.6 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.4 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.2 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q3:1.1.0.12 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.10 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.8 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.6 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.4 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.2; locks; strict; comment @# @; 1.4 date 2011.11.08.12.15.53; author taca; state dead; branches; next 1.3; 1.3 date 2011.10.10.16.35.36; author taca; state Exp; branches; next 1.2; 1.2 date 2011.10.07.12.29.42; author taca; state Exp; branches; next 1.1; 1.1 date 2010.07.28.16.24.20; author taca; state Exp; branches 1.1.2.1 1.1.12.1; next ; 1.1.2.1 date 2010.07.28.16.24.20; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2010.08.12.09.19.36; author tron; state Exp; branches; next ; 1.1.12.1 date 2011.10.08.09.26.21; author tron; state Exp; branches; next 1.1.12.2; 1.1.12.2 date 2011.10.10.18.21.57; author tron; state Exp; branches; next ; desc @@ 1.4 log @Remove typolight28 packages, please migrate to contao210 package now. @ text @$NetBSD: patch-ad,v 1.3 2011/10/10 16:35:36 taca Exp $ * Fix for CSS from repository, r507. * Fix potential XSS vulnerability, r1041 and r1044. --- system/modules/frontend/Frontend.php.orig 2010-04-19 10:22:31.000000000 +0000 +++ system/modules/frontend/Frontend.php @@@@ -78,14 +78,13 @@@@ abstract class Frontend extends Controll return is_numeric($this->Input->get('id')) ? $this->Input->get('id') : null; } - if (!strlen($this->Environment->request)) + if ($this->Environment->request == '') { return null; } $strRequest = preg_replace('/\?.*$/i', '', $this->Environment->request); $strRequest = preg_replace('/' . preg_quote($GLOBALS['TL_CONFIG']['urlSuffix'], '/') . '$/i', '', $strRequest); - $arrFragments = explode('/', $strRequest); // Skip index.php @@@@ -104,13 +103,15 @@@@ abstract class Frontend extends Controll } } - // Add fragments to $_GET array + $arrFragments = array_map('urldecode', $arrFragments); + + // Add the fragments to the $_GET array for ($i=1; $iInput->setGet($arrFragments[$i], $arrFragments[$i+1]); } - return strlen($arrFragments[0]) ? urldecode($arrFragments[0]) : null; + return ($arrFragments[0] != '') ? $arrFragments[0] : null; } @@@@ -158,7 +159,7 @@@@ abstract class Frontend extends Controll /** - * Overwrite parent method as front end URLs are handled differently + * Overwrite the parent method as front end URLs are handled differently * @@param string * @@param boolean * @@return string @@@@ -166,8 +167,16 @@@@ abstract class Frontend extends Controll protected function addToUrl($strRequest, $blnIgnoreParams=false) { $arrGet = $blnIgnoreParams ? array() : $_GET; + + // Clean the $_GET values (thanks to thyon) + foreach (array_keys($arrGet) as $key) + { + $arrGet[$key] = $this->Input->get($key, true); + } + $arrFragments = preg_split('/&(amp;)?/i', $strRequest); + // Merge the new request string foreach ($arrFragments as $strFragment) { list($key, $value) = explode('=', $strFragment); @@@@ -184,9 +193,22 @@@@ abstract class Frontend extends Controll $strParams = ''; + // Determine connector and separator + if ($GLOBALS['TL_CONFIG']['disableAlias']) + { + $strConnector = '&'; + $strSeparator = '='; + } + else + { + $strConnector = '/'; + $strSeparator = '/'; + } + + // Compile the parameters string foreach ($arrGet as $k=>$v) { - $strParams .= $GLOBALS['TL_CONFIG']['disableAlias'] ? '&' . $k . '=' . $v : '/' . $k . '/' . $v; + $strParams .= $strConnector . urlencode($k) . $strSeparator . urlencode($v); } // Do not use aliases @ 1.3 log @Add update patche to fix XSS from Contao's repository. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.2 2011/10/07 12:29:42 taca Exp $ @ 1.2 log @Add a patch based r1041 from the repository of Contao to fix potential XSS vulnerability. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.1 2010/07/28 16:24:20 taca Exp $ d4 1 a4 1 * Fix potential XSS vulnerability, r1041. d8 1 a8 1 @@@@ -78,7 +78,7 @@@@ abstract class Frontend extends Controll d17 8 a24 1 @@@@ -104,13 +104,15 @@@@ abstract class Frontend extends Controll d29 1 a29 1 + // DO NOT USE urldecode() HERE (XSS vulnerability)! d35 1 a35 1 + $_GET[$arrFragments[$i]] = $arrFragments[$i+1]; d43 10 a52 1 @@@@ -166,8 +168,16 @@@@ abstract class Frontend extends Controll d69 24 @ 1.1 log @Add a patch from Contao(TYPOlight) repository to fix possible XSS problem on frontend module. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ d3 2 a4 1 Fix for CSS from repository, r507. d8 29 a36 1 @@@@ -166,8 +166,16 @@@@ abstract class Frontend extends Controll @ 1.1.12.1 log @Pullup ticket #3532 - requested by taca www/typolight28: security patch Revisions pulled up: - www/typolight28/DESCR 1.3 - www/typolight28/Makefile 1.15 - www/typolight28/distinfo 1.11 - www/typolight28/patches/patch-ad 1.2 --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 7 12:29:42 UTC 2011 Modified Files: pkgsrc/www/typolight28: DESCR Makefile distinfo pkgsrc/www/typolight28/patches: patch-ad Log Message: Add a patch based r1041 from the repository of Contao to fix potential XSS vulnerability. Bump PKGREVISION. @ text @d3 1 a3 2 * Fix for CSS from repository, r507. * Fix potential XSS vulnerability, r1041. d7 1 a7 29 @@@@ -78,7 +78,7 @@@@ abstract class Frontend extends Controll return is_numeric($this->Input->get('id')) ? $this->Input->get('id') : null; } - if (!strlen($this->Environment->request)) + if ($this->Environment->request == '') { return null; } @@@@ -104,13 +104,15 @@@@ abstract class Frontend extends Controll } } - // Add fragments to $_GET array + // DO NOT USE urldecode() HERE (XSS vulnerability)! + + // Add the fragments to the $_GET array for ($i=1; $iEnvironment->request); $strRequest = preg_replace('/' . preg_quote($GLOBALS['TL_CONFIG']['urlSuffix'], '/') . '$/i', '', $strRequest); - $arrFragments = explode('/', $strRequest); // Skip index.php @@@@ -104,13 +103,15 @@@@ abstract class Frontend extends Controll d22 1 a22 1 + $arrFragments = array_map('urldecode', $arrFragments); d28 1 a28 1 + $this->Input->setGet($arrFragments[$i], $arrFragments[$i+1]); d36 1 a36 10 @@@@ -158,7 +159,7 @@@@ abstract class Frontend extends Controll /** - * Overwrite parent method as front end URLs are handled differently + * Overwrite the parent method as front end URLs are handled differently * @@param string * @@param boolean * @@return string @@@@ -166,8 +167,16 @@@@ abstract class Frontend extends Controll a52 24 @@@@ -184,9 +193,22 @@@@ abstract class Frontend extends Controll $strParams = ''; + // Determine connector and separator + if ($GLOBALS['TL_CONFIG']['disableAlias']) + { + $strConnector = '&'; + $strSeparator = '='; + } + else + { + $strConnector = '/'; + $strSeparator = '/'; + } + + // Compile the parameters string foreach ($arrGet as $k=>$v) { - $strParams .= $GLOBALS['TL_CONFIG']['disableAlias'] ? '&' . $k . '=' . $v : '/' . $k . '/' . $v; + $strParams .= $strConnector . urlencode($k) . $strSeparator . urlencode($v); } // Do not use aliases @ 1.1.2.1 log @file patch-ad was added on branch pkgsrc-2010Q2 on 2010-08-12 09:19:36 +0000 @ text @d1 23 @ 1.1.2.2 log @Pullup ticket #3203 - requested by taca www/typolight28: security update Revisions pulled up: - www/typolight28/Makefile 1.10-1.11 - www/typolight28/Makefile.version 1.7 - www/typolight28/distinfo 1.8-1.9 - www/typolight28/patches/patch-ad 1.1 --- Module Name: pkgsrc Committed By: taca Date: Sat Jul 3 04:00:09 UTC 2010 Modified Files: pkgsrc/www/typolight28: Makefile Makefile.version distinfo Log Message: Update typolight28 to 2.8.4. Version 2.8.4 (2010-06-30) -------------------------- - Back-ported the Safe Mode Hack improvements from version 2.9 --- Module Name: pkgsrc Committed By: taca Date: Wed Jul 28 16:24:20 UTC 2010 Modified Files: pkgsrc/www/typolight28: Makefile distinfo Added Files: pkgsrc/www/typolight28/patches: patch-ad Log Message: Add a patch from Contao(TYPOlight) repository to fix possible XSS problem on frontend module. Bump PKGREVISION. @ text @a0 23 $NetBSD: patch-ad,v 1.1 2010/07/28 16:24:20 taca Exp $ Fix for CSS from repository, r507. --- system/modules/frontend/Frontend.php.orig 2010-04-19 10:22:31.000000000 +0000 +++ system/modules/frontend/Frontend.php @@@@ -166,8 +166,16 @@@@ abstract class Frontend extends Controll protected function addToUrl($strRequest, $blnIgnoreParams=false) { $arrGet = $blnIgnoreParams ? array() : $_GET; + + // Clean the $_GET values (thanks to thyon) + foreach (array_keys($arrGet) as $key) + { + $arrGet[$key] = $this->Input->get($key, true); + } + $arrFragments = preg_split('/&(amp;)?/i', $strRequest); + // Merge the new request string foreach ($arrFragments as $strFragment) { list($key, $value) = explode('=', $strFragment); @