

[pkgsrc/trunk]: pkgsrc/www/geeklog Add a security fix for kses, HTML filter w...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/c56c11ba89dc
branches:  trunk
changeset: 543468:c56c11ba89dc
user:      taca <taca%pkgsrc.org@localhost>
date:      Thu Jun 19 14:08:42 2008 +0000

description:
Add a security fix for kses, the HTML filter, which isn't used in the
default configuration: http://www.geeklog.net/article.php/kses.

Also fix one pkglint warning.

Bump PKGREVISION.

diffstat:

 www/geeklog/Makefile         |   4 ++--
 www/geeklog/Makefile.common  |   3 ++-
 www/geeklog/distinfo         |   3 ++-
 www/geeklog/patches/patch-ah |  26 ++++++++++++++++++++++++++
 4 files changed, 32 insertions(+), 4 deletions(-)

diffs (70 lines):

diff -r ba0610117e3a -r c56c11ba89dc www/geeklog/Makefile
--- a/www/geeklog/Makefile      Thu Jun 19 12:38:45 2008 +0000
+++ b/www/geeklog/Makefile      Thu Jun 19 14:08:42 2008 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.17 2008/05/26 00:40:24 joerg Exp $
+# $NetBSD: Makefile,v 1.18 2008/06/19 14:08:42 taca Exp $
 #
 
 DISTNAME=      geeklog-${VER}
 PKGNAME=       geeklog-${VER:C/(sr|-)/./g}
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    www
 MASTER_SITES=  http://www.geeklog.net/filemgmt/upload_dir/
 
diff -r ba0610117e3a -r c56c11ba89dc www/geeklog/Makefile.common
--- a/www/geeklog/Makefile.common       Thu Jun 19 12:38:45 2008 +0000
+++ b/www/geeklog/Makefile.common       Thu Jun 19 14:08:42 2008 +0000
@@ -1,5 +1,6 @@
-# $NetBSD: Makefile.common,v 1.5 2008/06/19 12:38:45 taca Exp $
+# $NetBSD: Makefile.common,v 1.6 2008/06/19 14:08:42 taca Exp $
 #
+# used by www/geeklog/Makefile
 
 GEEKLOG_ADMIN=         ${GEEKLOG_BASE}/admin
 GEEKLOG_TMPL=          ${GEEKLOG_BASE}/default
diff -r ba0610117e3a -r c56c11ba89dc www/geeklog/distinfo
--- a/www/geeklog/distinfo      Thu Jun 19 12:38:45 2008 +0000
+++ b/www/geeklog/distinfo      Thu Jun 19 14:08:42 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.6 2007/05/20 15:56:44 taca Exp $
+$NetBSD: distinfo,v 1.7 2008/06/19 14:08:42 taca Exp $
 
 SHA1 (geeklog-1.4.1.tar.gz) = c323c29b523598b97d7e0957435c0ec0c31cb290
 RMD160 (geeklog-1.4.1.tar.gz) = bfac9946b34d0254fedd3a54cf742b044d347a3c
@@ -7,3 +7,4 @@
 SHA1 (patch-ab) = 3cbc5f3845eaaf78c349e1bc82e8e792627a12db
 SHA1 (patch-ac) = e5523aab7a13f014ecb961a53f8d962115c4d7b4
 SHA1 (patch-ag) = 207ef0801d865ff16d2a99f0732ea0cb49ce2ad5
+SHA1 (patch-ah) = 376e1208f0ec332e9da243a9a475d5569158d6d3
diff -r ba0610117e3a -r c56c11ba89dc www/geeklog/patches/patch-ah
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/geeklog/patches/patch-ah      Thu Jun 19 14:08:42 2008 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-ah,v 1.1 2008/06/19 14:08:42 taca Exp $
+
+A security fix for HTML filter: http://www.geeklog.net/article.php/kses.
+This problem will be fixed in Geeklog 1.5.0.
+
+--- system/classes/kses.class.php.orig 2006-05-15 14:49:44.000000000 +0900
++++ system/classes/kses.class.php
+@@ -941,12 +941,12 @@
+                        */
+                       function _bad_protocol_once($string)
+                       {
+-                              return preg_replace(
+-                                      '/^((&[^;]*;|[\sA-Za-z0-9])*)'.
+-                                      '(:|&#58;|&#[Xx]3[Aa];)\s*/e',
+-                                      '\$this->_bad_protocol_once2("\\1")',
+-                                      $string
+-                              );
++                 $string2 = preg_split('/:|&#58;|&#x3a;/i', $string, 2);
++                 if(isset($string2[1]) && !preg_match('%/\?%',$string2[0]))
++                 {
++                   $string = $this->_bad_protocol_once2($string2[0]).trim($string2[1]);
++                 }
++                 return $string;
+                       }
+ 
+                       /**
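Review bot: The new `preg_split` pattern in `_bad_protocol_once` recognises only the exact spellings `:`, `&#58;` and `&#x3a;`, so a zero-padded numeric entity for the colon is not treated as a protocol separator and the string skips `_bad_protocol_once2` unless entities are normalised before this function runs, which is not visible in this hunk. Accepting optional leading zeros removes that dependency: `$string2 = preg_split('/:|&#0*58;|&#x0*3a;/i', $string, 2);`. Separately, the prefix is no longer limited to alphanumerics, whitespace and entities as in the removed pattern, so a relative URL with a colon in its path or query (anything without the literal `/?`) now has its whole prefix handed to `_bad_protocol_once2`; that helper is defined outside the hunk, so this presumably fails closed but may strip legitimate links. A short comment above the split, stating that the `/e` evaluated replacement was dropped on purpose because it ran attacker-influenced text as PHP, would keep it from being reintroduced.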


