head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.6 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.4 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.2 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q3:1.1.0.10 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.8 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.6 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.4 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.2; locks; strict; comment @# @; 1.2 date 2011.11.08.12.15.54; author taca; state dead; branches; next 1.1; 1.1 date 2011.01.06.14.23.41; author taca; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2011.01.06.14.23.41; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2011.01.08.15.01.11; author tron; state Exp; branches; next ; desc @@ 1.2 log @Remove typolight28 packages, please migrate to contao210 package now. @ text @$NetBSD: patch-ae,v 1.1 2011/01/06 14:23:41 taca Exp $ * Prevent the X_FORWARDED_FOR header against XSS attacks, from repository r587.
--- system/libraries/Environment.php.orig 2010-04-12 15:52:19.000000000 +0000
+++ system/libraries/Environment.php
@@@@ -312,7 +312,11 @@@@ class Environment
 */
 protected function ip()
 {
- return !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
+ if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && preg_match('/^[A-Fa-f0-9, \.\:]+$/', $_SERVER['HTTP_X_FORWARDED_FOR']))
+ {
+ return $_SERVER['HTTP_X_FORWARDED_FOR'];
+ }
+ return $_SERVER['REMOTE_ADDR'];
 }
@ 1.1 log @Add the same patch of Comment module as Contao 2.9.3. Changes are derived from Conao's repository. Bump PKGREVISION.
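Review bot: The character whitelist added to `ip()` keeps markup out of the value, but the function still returns a client-supplied X-Forwarded-For header, possibly a whole comma-separated list, as the visitor's address; callers are not visible here, but any that log it, bind a session to it or base an access decision on it would be relying on a value the client chooses. Consider honouring the header only when `$_SERVER['REMOTE_ADDR']` is a reverse proxy the site operates, and checking each entry with `filter_var($entry, FILTER_VALIDATE_IP)` instead of a character class. Separately, `$` without the `D` modifier also matches before a trailing newline, so the pattern is tighter as `'/^[A-Fa-f0-9, \.\:]+\z/'`. The same hunk is repeated in revision 1.1.2.2 further down and the note applies there too; the docblock of `ip()` and the enclosing class begin outside the hunk.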
@ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ae was added on branch pkgsrc-2010Q3 on 2011-01-08 15:01:11 +0000 @ text @d1 19 @ 1.1.2.2 log @Pullup ticket #3318 - requested by taca www/typolight28: security patch Revisions pulled up: - www/typolight28/Makefile 1.12 - www/typolight28/distinfo 1.10 - www/typolight28/patches/patch-ae 1.1 - www/typolight28/patches/patch-af 1.1 --- Mommitted By: taca Date: Thu Jan 6 14:23:41 UTC 2011 Modified Files: pkgsrc/www/typolight28: Makefile distinfo Added Files: pkgsrc/www/typolight28/patches: patch-ae patch-af Log Message: Add the same patch of Comment module as Contao 2.9.3. Changes are derived from Conao's repository. Bump PKGREVISION. @ text @a0 19 $NetBSD: patch-ae,v 1.1 2011/01/06 14:23:41 taca Exp $ * Prevent the X_FORWARDED_FOR header against XSS attacks, from repository r587.
--- system/libraries/Environment.php.orig 2010-04-12 15:52:19.000000000 +0000
+++ system/libraries/Environment.php
@@@@ -312,7 +312,11 @@@@ class Environment
 */
 protected function ip()
 {
- return !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
+ if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && preg_match('/^[A-Fa-f0-9, \.\:]+$/', $_SERVER['HTTP_X_FORWARDED_FOR']))
+ {
+ return $_SERVER['HTTP_X_FORWARDED_FOR'];
+ }
+ return $_SERVER['REMOTE_ADDR'];
 }
@