diff options
| author | Ion-Mihai Tetcu <itetcu@FreeBSD.org> | 2006-06-06 10:30:47 +0000 |
|---|---|---|
| committer | Ion-Mihai Tetcu <itetcu@FreeBSD.org> | 2006-06-06 10:30:47 +0000 |
| commit | 6ebb546ade88ab20a9dd54734358e1bd081f55aa (patch) | |
| tree | da55e2ae962b5107f714c32cf4364e79feb5821c /mail/squirrelmail | |
| parent | ff52c8e2a376f9355fe6803d6bb1206bc94d5d53 (diff) | |
Notes
Diffstat (limited to 'mail/squirrelmail')
| -rw-r--r-- | mail/squirrelmail/Makefile | 3 | ||||
| -rw-r--r-- | mail/squirrelmail/files/patch-functions-global.php | 50 |
2 files changed, 52 insertions, 1 deletions
diff --git a/mail/squirrelmail/Makefile b/mail/squirrelmail/Makefile index c49d38845e78..3082794917ea 100644 --- a/mail/squirrelmail/Makefile +++ b/mail/squirrelmail/Makefile @@ -7,6 +7,7 @@ PORTNAME= squirrelmail PORTVERSION= 1.4.6 +PORTREVISION= 1 CATEGORIES= mail www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} @@ -57,7 +58,7 @@ pre-everything:: post-patch: .ifndef PATCH_DEBUG - @${RM} -f ${WRKSRC}/config/config_default.php.orig + @${RM} -f ${WRKSRC}/config/config_default.php.orig ${WRKSRC}/functions/global.php.orig .endif @${REINPLACE_CMD} -e 's|ispell|${LOCALBASE}/bin/ispell|g' \ ${WRKSRC}/plugins/squirrelspell/sqspell_config.php diff --git a/mail/squirrelmail/files/patch-functions-global.php b/mail/squirrelmail/files/patch-functions-global.php new file mode 100644 index 000000000000..9fd5e519cad7 --- /dev/null +++ b/mail/squirrelmail/files/patch-functions-global.php @@ -0,0 +1,50 @@ +--- functions/global.php.orig Fri Feb 3 22:27:47 2006 ++++ functions/global.php Tue Jun 6 10:12:22 2006 +@@ -62,6 +62,47 @@ + sqstripslashes($_POST); + } + ++/** ++ * If register_globals are on, unregister globals. ++ * Code requires PHP 4.1.0 or newer. ++ * Second test covers boolean set as string (php_value register_globals off). ++ */ ++if ((bool) @ini_get('register_globals') && ++ strtolower(ini_get('register_globals'))!='off') { ++ /** ++ * Remove all globals from $_GET, $_POST, and $_COOKIE. ++ */ ++ foreach ($_REQUEST as $key => $value) { ++ unset($GLOBALS[$key]); ++ } ++ /** ++ * Remove globalized $_FILES variables ++ * Before 4.3.0 $_FILES are included in $_REQUEST. ++ * Unglobalize them in separate call in order to remove dependency ++ * on PHP version. ++ */ ++ foreach ($_FILES as $key => $value) { ++ unset($GLOBALS[$key]); ++ // there are three undocumented $_FILES globals. ++ unset($GLOBALS[$key.'_type']); ++ unset($GLOBALS[$key.'_name']); ++ unset($GLOBALS[$key.'_size']); ++ } ++ /** ++ * Remove globalized environment variables. ++ */ ++ foreach ($_ENV as $key => $value) { ++ unset($GLOBALS[$key]); ++ } ++ /** ++ * Remove globalized server variables. ++ */ ++ foreach ($_SERVER as $key => $value) { ++ unset($GLOBALS[$key]); ++ } ++} ++ ++ + /* strip any tags added to the url from PHP_SELF. + This fixes hand crafted url XXS expoits for any + page that uses PHP_SELF as the FORM action */ |