Security fixes against multiple cross-site scripting (XSS)

vulnerabilities in phpldapadmin. CVE-2006-2016; from Debian GNU/Linux; ok mbalmer@, "no objection" sturm@
2006-05-21 19:15:08 +00:00 · 2006-05-21 19:15:08 +00:00 · ba90ce353a
commit ba90ce353a
parent 13695e603b
5 changed files with 60 additions and 3 deletions
--- a/www/phpldapadmin/Makefile
+++ b/www/phpldapadmin/Makefile
@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.5 2006/01/17 20:58:39 aanriot Exp $ 
+# $OpenBSD: Makefile,v 1.6 2006/05/21 19:15:08 aanriot Exp $ 

 COMMENT=	"web-based LDAP browser to manage LDAP servers"

 VERSION=	0.9.7
 DISTNAME=	phpldapadmin-${VERSION}
-PKGNAME=	${DISTNAME}p0
+PKGNAME=	${DISTNAME}p1
 CATEGORIES=	www
 HOMEPAGE=	http://phpldapadmin.sourceforge.net/	

@ -21,7 +21,6 @@ MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=phpldapadmin/}
 NO_BUILD=	Yes
 NO_REGRESS=	Yes
 PKG_ARCH=	*
-EXTRACT_ONLY=

 PREFIX=		/var/www
 INSTDIR=	${PREFIX}/${DISTNAME}
--- a/www/phpldapadmin/patches/patch-copy_form_php
+++ b/www/phpldapadmin/patches/patch-copy_form_php
@ -0,0 +1,22 @@
+$OpenBSD: patch-copy_form_php,v 1.1 2006/05/21 19:15:08 aanriot Exp $
+--- copy_form.php.orig	Sun May 21 13:24:35 2006
+++ copy_form.php	Sun May 21 13:26:14 2006
+@@ -56,15 +56,15 @@ if( is_array( $children ) && count( $chi
+ 
+ <body>
+ 
+-<h3 class="title"><?php echo $lang['copyf_title_copy'] . $rdn; ?></h3>
+-<h3 class="subtitle"><?php echo $lang['server']; ?>: <b><?php echo $ldapserver->name; ?></b> &nbsp;&nbsp;&nbsp; <?php echo $lang['distinguished_name']?>: <b><?php echo $dn; ?></b></h3>
+<h3 class="title"><?php echo $lang['copyf_title_copy'] . htmlspecialchars($rdn); ?></h3>
+<h3 class="subtitle"><?php echo $lang['server']; ?>: <b><?php echo $server_name; ?></b> &nbsp;&nbsp;&nbsp; <?php echo $lang['distinguished_name']?>: <b><?php echo html specialchars($dn); ?></b></h3>
+ 
+ <center>
+ <?php echo $lang['copyf_title_copy'] ?><b><?php echo htmlspecialchars( $rdn ); ?></b> <?php echo $lang['copyf_to_new_object']?>:<br />
+ <br />
+ 
+ <form action="copy.php" method="post" name="copy_form">
+-<input type="hidden" name="old_dn" value="<?php echo $dn; ?>" />
+<input type="hidden" name="old_dn" value="<?php echo htmlspecialchars($dn); ?>" />
+ <input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
+ 
+ <table style="border-spacing: 10px">
--- a/www/phpldapadmin/patches/patch-delete_form_php
+++ b/www/phpldapadmin/patches/patch-delete_form_php
@ -0,0 +1,12 @@
+$OpenBSD: patch-delete_form_php,v 1.1 2006/05/21 19:15:08 aanriot Exp $
+--- delete_form.php.orig	Sun May 21 13:29:00 2006
+++ delete_form.php	Sun May 21 13:30:34 2006
+@@ -69,7 +69,7 @@ include './header.php'; ?>
+ 		<td>
+ 		<center>
+ 			<form action="rdelete.php" method="post">
+-			<input type="hidden" name="dn" value="<?php echo $dn; ?>" />
+			<input type="hidden" name="dn" value="<?php echo htmlspecialchars($dn); ?>" />
+ 			<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
+ 			<input type="submit" class="scary" value="<?php echo sprintf( $lang['delete_all_x_objects'], $sub_tree_count ); ?>" />
+ 			</form>
--- a/www/phpldapadmin/patches/patch-login_php
+++ b/www/phpldapadmin/patches/patch-login_php
@ -0,0 +1,12 @@
+$OpenBSD: patch-login_php,v 1.1 2006/05/21 19:15:08 aanriot Exp $
+--- login.php.orig	Sun May 21 13:26:24 2006
+++ login.php	Sun May 21 13:28:36 2006
+@@ -30,7 +30,7 @@ $dn = isset( $_POST['login_dn'] ) ? $_PO
+ $uid = isset( $_POST['uid'] ) ? $_POST['uid'] : null;
+ $pass = isset( $_POST['login_pass'] ) ? $_POST['login_pass'] : null;
+ if ($ldapserver->isAnonBindAllowed())
+-	$anon_bind = isset( $_POST['anonymous_bind'] ) && $_POST['anonymous_bind'] == 'on' ? true : false;
+	$anon_bind = isset( $_POST['anonymous_bind'] ) && $_POST['anonymous_bind'] == 'on' && is_anonymous_bind_allowed($server_id) ? true : false
+ else
+ 	$anon_bind = false;
+ 
--- a/www/phpldapadmin/patches/patch-rename_form_php
+++ b/www/phpldapadmin/patches/patch-rename_form_php
@ -0,0 +1,12 @@
+$OpenBSD: patch-rename_form_php,v 1.1 2006/05/21 19:15:08 aanriot Exp $
+--- rename_form.php.orig	Sun May 21 13:30:59 2006
+++ rename_form.php	Sun May 21 13:31:17 2006
+@@ -36,7 +36,7 @@ include './header.php'; ?>
+ <center>
+ <form action="rename.php" method="post" class="edit_dn" />
+ <input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
+-<input type="hidden" name="dn" value="<?php echo $dn; ?>" />
+<input type="hidden" name="dn" value="<?php echo htmlspecialchars($dn); ?>" />
+ <input type="text" name="new_rdn" size="30" value="<?php echo htmlspecialchars( ( $rdn ) ); ?>" />
+ <input class="update_dn" type="submit" value="<?php echo $lang['rename']; ?>" />
+ </form>