[pkgsrc/trunk]: pkgsrc/mail/roundcube Add minimum fix for XSS with HTTP_USER_...

[taca <taca%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/b727c7d192ea
branches:  trunk
changeset: 609990:b727c7d192ea
user:      taca <taca%pkgsrc.org@localhost>
date:      Mon Oct 15 03:33:22 2012 +0000

description:
Add minimum fix for XSS with HTTP_USER_AGENT from the repository.

Bump PKGREVISION.

diffstat:

 mail/roundcube/Makefile                                    |   3 +-
 mail/roundcube/distinfo                                    |   3 +-
 mail/roundcube/patches/patch-program_steps_utils_error.inc |  15 ++++++++++++++
 3 files changed, 19 insertions(+), 2 deletions(-)

diffs (46 lines):

diff -r b3bd782fe18d -r b727c7d192ea mail/roundcube/Makefile
--- a/mail/roundcube/Makefile   Sun Oct 14 22:10:54 2012 +0000
+++ b/mail/roundcube/Makefile   Mon Oct 15 03:33:22 2012 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.47 2012/10/08 12:19:30 asau Exp $
+# $NetBSD: Makefile,v 1.48 2012/10/15 03:33:22 taca Exp $
 
 DISTNAME=      roundcubemail-0.8.1-dep
 PKGNAME=       ${DISTNAME:S/mail-/-/:S/-dep//}
+PKGREVISION=   1
 CATEGORIES=    mail
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=roundcubemail/}
 
diff -r b3bd782fe18d -r b727c7d192ea mail/roundcube/distinfo
--- a/mail/roundcube/distinfo   Sun Oct 14 22:10:54 2012 +0000
+++ b/mail/roundcube/distinfo   Mon Oct 15 03:33:22 2012 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.25 2012/08/21 15:26:31 taca Exp $
+$NetBSD: distinfo,v 1.26 2012/10/15 03:33:22 taca Exp $
 
 SHA1 (roundcubemail-0.8.1-dep.tar.gz) = 3e9642800e7e5226057b54c61baba17f5ba75680
 RMD160 (roundcubemail-0.8.1-dep.tar.gz) = 92430f23b5241ef9cf8942d75455d2aba84fdc72
@@ -7,3 +7,4 @@
 SHA1 (patch-ab) = ac9f7ac488f9c309fd1b30a8ecec73e52b245c11
 SHA1 (patch-ac) = c25fc1c662bbdbde388165fe835e8af9b5665c5b
 SHA1 (patch-af) = e2bae396f049b2c5030f24e539b7f418a3d09d78
+SHA1 (patch-program_steps_utils_error.inc) = d2062e13762d33bcd8426c7c2db1f49e910b9d50
diff -r b3bd782fe18d -r b727c7d192ea mail/roundcube/patches/patch-program_steps_utils_error.inc
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/roundcube/patches/patch-program_steps_utils_error.inc        Mon Oct 15 03:33:22 2012 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-program_steps_utils_error.inc,v 1.1 2012/10/15 03:33:23 taca Exp $
+
+Minimum fix for XSS with HTTP_USER_AGENT from the repository.
+
+--- program/steps/utils/error.inc.orig 2012-08-17 19:34:07.000000000 +0000
++++ program/steps/utils/error.inc
+@@ -25,7 +25,7 @@
+ 
+ // browser is not compatible with this application
+ if ($ERROR_CODE==409) {
+-  $user_agent = $_SERVER['HTTP_USER_AGENT'];
++  $user_agent = htmlentities($_SERVER['HTTP_USER_AGENT']);
+   $__error_title = 'Your browser does not suit the requirements for this application';
+   $__error_text = <<<EOF
+ <i>Supported browsers:</i><br />