diff options
| author | Pav Lucistnik <pav@FreeBSD.org> | 2004-03-30 21:33:26 +0000 |
|---|---|---|
| committer | Pav Lucistnik <pav@FreeBSD.org> | 2004-03-30 21:33:26 +0000 |
| commit | cd168f5792f25c6b263960163accd59df744a126 (patch) | |
| tree | 189d6b7a62c761007f870a5deab78e6f95320529 /www | |
| parent | a8ade8504e283865b88e5c04ae13b98d2c8c1f25 (diff) | |
| download | ports-cd168f5792f25c6b263960163accd59df744a126.tar.gz ports-cd168f5792f25c6b263960163accd59df744a126.zip | |
Notes
Diffstat (limited to 'www')
| -rw-r--r-- | www/phpbb/Makefile | 5 | ||||
| -rw-r--r-- | www/phpbb/distinfo | 4 | ||||
| -rw-r--r-- | www/phpbb/files/patch-privmsg.php | 21 |
3 files changed, 4 insertions, 26 deletions
diff --git a/www/phpbb/Makefile b/www/phpbb/Makefile index 6c3ae5896e9d..fc6179e74509 100644 --- a/www/phpbb/Makefile +++ b/www/phpbb/Makefile @@ -7,11 +7,11 @@ PORTNAME= phpbb PORTVERSION= 2.0.8 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} -DISTNAME= phpBB-${PORTVERSION} +DISTNAME= phpBB-${PORTVERSION}a MAINTAINER= liukang@bjpu.edu.cn COMMENT= A PHP-based bulletin board / discussion forum system @@ -61,7 +61,6 @@ pre-everything:: post-patch: @ ${REINPLACE_CMD} -e "s#\.\./templates#/${PHPBBURL}/templates#" \ ${WRKSRC}/docs/*.html - @ ${RM} ${WRKSRC}/*.orig post-configure: @ ${SED} \ diff --git a/www/phpbb/distinfo b/www/phpbb/distinfo index 050536fddfb9..e2f7b0a1cd95 100644 --- a/www/phpbb/distinfo +++ b/www/phpbb/distinfo @@ -1,2 +1,2 @@ -MD5 (phpBB-2.0.8.tar.bz2) = 20d9e163e3f3b575639c2a1fbd9e8690 -SIZE (phpBB-2.0.8.tar.bz2) = 456585 +MD5 (phpBB-2.0.8a.tar.bz2) = 44d33a5851800f8f278d3c100fb2fcb3 +SIZE (phpBB-2.0.8a.tar.bz2) = 457308 diff --git a/www/phpbb/files/patch-privmsg.php b/www/phpbb/files/patch-privmsg.php deleted file mode 100644 index ae3bd897de5f..000000000000 --- a/www/phpbb/files/patch-privmsg.php +++ /dev/null @@ -1,21 +0,0 @@ ---- privmsg.php 2004-03-18 19:51:32.000000000 +0000 -+++ privmsg.1.php 2004-03-26 19:51:07.000000000 +0000 -@@ -212,7 +212,17 @@ - break; - case 'savebox': - $l_box_name = $lang['Savebox']; -- $pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . " -+ -+ // -+ // For some obscure reason, the assignment -+ // concatenation operator was coded below, which -+ // allowed an attacker to append arbitrary SQL code -+ // to the end of the $pm_sql_user variable. -+ // This is fixed below. -+ // -+ // -shaun2k2 -+ // -+ $pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . " - AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) - OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . " - AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) |