author: Olli Hauer <ohauer@FreeBSD.org> 2012-07-28 20:44:43 +0000
committer: Olli Hauer <ohauer@FreeBSD.org> 2012-07-28 20:44:43 +0000
commit: 3dd9f499874b9ae5bd75883fc2f756f4f5e5b610 (patch)
tree: ebd739c4fa5abbc34418e1acdab2bf4dceced818 /german/bugzilla
parent: 317a0d703fb80d91b365cae1c8dbefc5c4106b14 (diff)
download: ports-3dd9f499874b9ae5bd75883fc2f756f4f5e5b610.tar.gz
ports-3dd9f499874b9ae5bd75883fc2f756f4f5e5b610.zip
2 files changed, 30 insertions, 2 deletions
diff --git a/german/bugzilla/Makefile b/german/bugzilla/Makefile
index 149bf1481646..9824eac7c3b2 100644
--- a/german/bugzilla/Makefile
+++ b/german/bugzilla/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	bugzilla
 PORTVERSION=	4.0.5
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	german
 MASTER_SITES=	SF
 MASTER_SITE_SUBDIR=bugzilla-de/${PORTVERSION:R}/${PORTVERSION}
@@ -18,7 +18,7 @@ COMMENT=	German localization for Bugzilla
 
 RUN_DEPENDS=	bugzilla>=${PORTVERSION}:${PORTSDIR}/devel/bugzilla
 
-LATEST_LINK=	${PKGNAMEPREFIX}bugzilla${PKGNAMESUFFIX}
+LATEST_LINK=	${PKGNAMEPREFIX}bugzilla
 
 NO_WRKSUBDIR=	yes
 
diff --git a/german/bugzilla/files/patch_405-407 b/german/bugzilla/files/patch_405-407
new file mode 100644
index 000000000000..14da1494dbe5
--- /dev/null
+++ b/german/bugzilla/files/patch_405-407
@@ -0,0 +1,28 @@
+====================================================
+This patch is fix security issues in the german
+bugzilla language templates (4.0.5 -> 4.0.7)
+
+--- ./de/default/global/confirm-user-match.html.tmpl.orig	2012-07-27 21:42:53.000000000 +0200
++++ ./de/default/global/confirm-user-match.html.tmpl	2012-07-27 21:44:33.000000000 +0200
+@@ -159,8 +159,6 @@
+                 [% ELSE %]
+                   passte zu
+                   <b>[% query.value.users.0.identity FILTER html %]</b>
+-                  <input type="hidden" name="[% field.key FILTER html %]"
+-                         value="[% query.value.users.0.login FILTER html %]">
+                 [% END %]
+             [% ELSE %]
+                 [% IF (query.key.length < 3) && !Param('emailsuffix') %]
+@@ -186,8 +184,10 @@
+ 
+ [% IF matchsuccess == 1 %]
+ 
+-  [% SET exclude_these =
+-           matches.keys.merge(['Bugzilla_login', 'Bugzilla_password']) %]
++  [% SET exclude_these = ['Bugzilla_login', 'Bugzilla_password'] %]
++  [% FOREACH key IN matches.keys %]
++    [% exclude_these.push(key) IF cgi.param(key) == '' %]
++  [% END %]
+   [% SET exclude = '^' _ exclude_these.join('|') _ '$' %]
+   [% PROCESS "global/hidden-fields.html.tmpl" exclude = exclude %]
+
author	Olli Hauer <ohauer@FreeBSD.org>	2012-07-28 20:44:43 +0000
committer	Olli Hauer <ohauer@FreeBSD.org>	2012-07-28 20:44:43 +0000
commit	3dd9f499874b9ae5bd75883fc2f756f4f5e5b610 (patch)
tree	ebd739c4fa5abbc34418e1acdab2bf4dceced818 /german/bugzilla
parent	317a0d703fb80d91b365cae1c8dbefc5c4106b14 (diff)
download	ports-3dd9f499874b9ae5bd75883fc2f756f4f5e5b610.tar.gz ports-3dd9f499874b9ae5bd75883fc2f756f4f5e5b610.zip