2 files changed, 12 insertions, 0 deletions

diff --git a/www/phpsysinfo-dev/Makefile b/www/phpsysinfo-dev/Makefile
index 34cc9f4297da..309c5cc3d87e 100644
--- a/www/phpsysinfo-dev/Makefile
+++ b/www/phpsysinfo-dev/Makefile
@@ -6,6 +6,7 @@
 
 PORTNAME=	phpSysInfo
 PORTVERSION=	2.5.3
+PORTREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME:L}
diff --git a/www/phpsysinfo-dev/files/patch-xss-fix.diff b/www/phpsysinfo-dev/files/patch-xss-fix.diff
new file mode 100644
index 000000000000..4f525c29253b
--- /dev/null
+++ b/www/phpsysinfo-dev/files/patch-xss-fix.diff
@@ -0,0 +1,11 @@
+--- includes/system_footer.php.orig	Tue Jul 31 10:35:50 2007
++++ includes/system_footer.php	Tue Jul 31 10:35:52 2007
+@@ -29,7 +29,7 @@
+ 
+ if( ! $hide_picklist ) {
+ 	echo "<center>\n";
+-	$update_form = "<form method=\"POST\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n" . "\t" . $text['template'] . ":&nbsp;\n" . "\t<select name=\"template\">\n";
++	$update_form = "<form method=\"POST\" action=\"" . htmlentities(strip_tags($_SERVER['PHP_SELF'])) . "\">\n" . "\t" . $text['template'] . ":&nbsp;\n" . "\t<select name=\"template\">\n";
+ 	
+ 	$resDir = opendir( APP_ROOT . '/templates/' );
+ 	while( false !== ( $strFile = readdir( $resDir ) ) ) {