[pkgsrc/pkgsrc-2008Q1]: pkgsrc/www/horde Pullup ticket #2435 - requested by a...

[tron <tron%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/a9d739e98ef7
branches:  pkgsrc-2008Q1
changeset: 540436:a9d739e98ef7
user:      tron <tron%pkgsrc.org@localhost>
date:      Thu Jun 26 19:44:35 2008 +0000

description:
Pullup ticket #2435 - requested by adrianp
Security patch for horde

Manually add backport of the following fix:
- http://lists.horde.org/archives/announce/2008/000415.html

diffstat:

 www/horde/Makefile         |   4 +++-
 www/horde/distinfo         |   3 ++-
 www/horde/patches/patch-ab |  17 +++++++++++++++++
 3 files changed, 22 insertions(+), 2 deletions(-)

diffs (53 lines):

diff -r 6d6044e24b47 -r a9d739e98ef7 www/horde/Makefile
--- a/www/horde/Makefile        Wed Jun 25 12:09:43 2008 +0000
+++ b/www/horde/Makefile        Thu Jun 26 19:44:35 2008 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.53 2008/03/08 17:36:53 adrianp Exp $
+# $NetBSD: Makefile,v 1.53.2.1 2008/06/26 19:44:35 tron Exp $
 
 DISTNAME=      horde-3.1.7
+PKGREVISION=   1
 CATEGORIES=    www
 MASTER_SITES=  http://ftp.horde.org/pub/horde/ \
                ftp://ftp.horde.org/pub/horde/
@@ -107,6 +108,7 @@
 
 do-build:
        ${RM} ${WRKSRC}/lib/Horde/Auth/login.php.orig
+       ${RM} ${WRKSRC}/services/obrowser/index.php.orig
        ${CP} ${FILESDIR}/horde.conf.dist ${WRKSRC}/horde.conf.dist
        ${CP} ${WRKSRC}/config/conf.xml ${WRKSRC}/config/conf.xml.dist
        ${FIND} ${WRKSRC} -name .htaccess -print | ${XARGS} ${RM} -f
diff -r 6d6044e24b47 -r a9d739e98ef7 www/horde/distinfo
--- a/www/horde/distinfo        Wed Jun 25 12:09:43 2008 +0000
+++ b/www/horde/distinfo        Thu Jun 26 19:44:35 2008 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.20 2008/03/08 17:36:53 adrianp Exp $
+$NetBSD: distinfo,v 1.20.2.1 2008/06/26 19:44:35 tron Exp $
 
 SHA1 (horde-3.1.7.tar.gz) = b6666b35330082e0627b82fa30754751a082c115
 RMD160 (horde-3.1.7.tar.gz) = b0b8783c6955c59070dbb9db0ec4fe788b0dc220
 Size (horde-3.1.7.tar.gz) = 5288106 bytes
 SHA1 (patch-aa) = 9edb110586805d5efd84541b9d3821889967e785
+SHA1 (patch-ab) = 38fb9fb6126f546ac9821bda3731866c8daa957c
diff -r 6d6044e24b47 -r a9d739e98ef7 www/horde/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/horde/patches/patch-ab        Thu Jun 26 19:44:35 2008 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-ab,v 1.4.14.1 2008/06/26 19:44:35 tron Exp $
+
+--- services/obrowser/index.php.orig   2007-01-02 13:55:16.000000000 +0000
++++ services/obrowser/index.php
+@@ -90,10 +90,10 @@ foreach ($list as $path => $values) {
+     if (!empty($values['browseable'])) {
+         $url = Horde::applicationUrl('services/obrowser/');
+         $url = Util::addParameter($url, 'path', $path);
+-        $row['name'] = Horde::link($url) . $values['name'] . '</a>';
++      $row['name'] = Horde::link($url) . htmlspecialchars($values['name']) . '</a>';
+     } else {
+         $js = "return chooseObject('" . addslashes($path) . "');";
+-        $row['name'] = Horde::link('#', sprintf(_("Choose %s"), $values['name']), '', '', $js) . $values['name'] . '</a>';
++      $row['name'] = Horde::link('#', sprintf(_("Choose %s"), $values['name']), '', '', $js) . htmlspecialchars($values['name']) . '</a>';
+     }
+ 
+     $rows[] = $row;