Give the user a chance to disable our local anti-DoS patch, which

appears to be conflict with phpBB's built-in captcha functionality. Please note that this does not change the default behavior (patch phpBB for the DoS issue), and this is intentionally undocumented. Hopefully we can get rid of all these home-grown stuff as the phpBB make their 2.2-release. Requested by: Goyo Roth <sadangel@pow2clk.net> PR: ports/93204 Submitted by: delphij Approved by: Kang Liu <liukang@cn.FreeBSD.org> Approved by: mentor (sem)
svn path=/head/; revision=161622
2006-05-07 17:30:59 +00:00 · 2006-05-07 17:30:59 +00:00 · 048d6d4065 · 2021-03-31 03:12:20 +00:00
commit 048d6d4065
parent edab74313c
2 changed files with 8 additions and 0 deletions
--- a/www/phpbb/Makefile
+++ b/www/phpbb/Makefile
@ -7,6 +7,7 @@

 PORTNAME=	phpbb
 PORTVERSION=	2.0.20
+PORTREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
@ -31,6 +32,13 @@ WWWGRP?=	www
 #
 # End of user-configurable variables.

+# XXX The phpBB folks does not seem to care about the session table DoS
+#     issue.  You can disable the patch at your own risk to make the
+#     visual authentication work.
+.if !defined(WITHOUT_ANTI_SESSIONTAB_DOS_PATCH)
+EXTRA_PATCHES=	${FILESDIR}/security-patch-includes-sessions.php
+.endif
+
 # Set/override/append to variables from bsd.port.mk:
 #
 WRKSRC=		${WRKDIR}/phpBB2
--- a/www/phpbb/files/security-patch-includes-sessions.php
+++ b/www/phpbb/files/security-patch-includes-sessions.php