Security fix for CVE-2012-3382, Mono "ProcessRequest()" Cross-Site Scripting Vulnerability

ok robert@ (MAINTAINER)

lang/mono/Makefile

@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.71 2012/07/10 22:32:01 robert Exp $
+# $OpenBSD: Makefile,v 1.72 2012/07/13 16:59:15 jasper Exp $
 
 COMMENT=	cross platform, open source .NET developement framework
 
 DISTNAME=	mono-2.10.9
+REVISION=	0
 
 CATEGORIES=	lang devel
 

lang/mono/patches/patch-mcs_class_System_Web_System_Web_HttpForbiddenHandler_cs

@@ -0,0 +1,16 @@
+$OpenBSD: patch-mcs_class_System_Web_System_Web_HttpForbiddenHandler_cs,v 1.1 2012/07/13 16:59:15 jasper Exp $
+
+Security fix for CVE-2012-3382, Mono "ProcessRequest()" Cross-Site Scripting Vulnerability
+From upstream git: https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2
+
+--- mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.orig	Fri Jul 13 16:36:05 2012
++++ mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs	Fri Jul 13 16:37:03 2012
+@@ -42,7 +42,7 @@ namespace System.Web
+ 				
+ 			throw new HttpException (403,
+ 						 "This type of page is not served.",
+-						 req != null ? req.Path : null,
++						 req != null ? HttpUtility.HtmlEncode (req.Path) : null,
+ 						 description);
+ 		}
+