From e8884641aa887b0e78331d9cdc9fcf7a0b9530b0 Mon Sep 17 00:00:00 2001
From: Chin-San Huang <chinsan@FreeBSD.org>
Date: Mon, 23 Jul 2007 10:57:28 +0000
Subject: - Fix an XSS vulnerability.  
 http://bugs.splitbrain.org/index.php?do=details&task_id=1195

Approved by:	rafan (mentor)
---
 www/dokuwiki/Makefile                           |  4 ++++
 www/dokuwiki/files/patch-lib-exe-spellcheck.php | 11 +++++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 www/dokuwiki/files/patch-lib-exe-spellcheck.php

(limited to 'www/dokuwiki')

diff --git a/www/dokuwiki/Makefile b/www/dokuwiki/Makefile
index 7ebad5121054..8d62893d5cca 100644
--- a/www/dokuwiki/Makefile
+++ b/www/dokuwiki/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	dokuwiki
 PORTVERSION=	${DIST_VER:S/${PORTNAME}//:S/-//g}
+PORTREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	http://www.splitbrain.org/_media/projects/dokuwiki/ \
 		LOCAL/chinsan/${PORTNAME}
@@ -36,6 +37,9 @@ x-generate-plist:
 		${SED} -e 's|^|@dirrm %%DOKUWIKI_DIR%%/|' >> ${TEMP_PLIST} \
 		&& ${ECHO_CMD} "@dirrmtry %%DOKUWIKI_DIR%%" >> ${TEMP_PLIST}
 
+post-patch:
+	@${REINPLACE_CMD} -ie 's|9|10|' ${WRKSRC}/conf/msg
+
 do-install:
 # Data files
 	-${MKDIR} ${PREFIX}/${DOKUWIKI_DIR}
diff --git a/www/dokuwiki/files/patch-lib-exe-spellcheck.php b/www/dokuwiki/files/patch-lib-exe-spellcheck.php
new file mode 100644
index 000000000000..a4d40ade8ae4
--- /dev/null
+++ b/www/dokuwiki/files/patch-lib-exe-spellcheck.php
@@ -0,0 +1,11 @@
+--- lib/exe/spellcheck.php.orig	2007-07-23 14:40:45.000000000 +0800
++++ lib/exe/spellcheck.php	2007-07-23 14:39:30.000000000 +0800
+@@ -272,7 +272,7 @@
+  * Just send data back as received for UTF-8 testing
+  */
+ function spell_utf8test(){
+-  print $_POST['data'];
++  print substr( $_POST['data'], 0, 3 );
+ }
+ 
+ /**
-- 
cgit v1.2.3