Diffstat (limited to 'www-apps/websvn/files/31_CVE-2016-1236.patch')
-rw-r--r--www-apps/websvn/files/31_CVE-2016-1236.patch61
1 files changed, 0 insertions, 61 deletions
diff --git a/www-apps/websvn/files/31_CVE-2016-1236.patch b/www-apps/websvn/files/31_CVE-2016-1236.patch
deleted file mode 100644
index 13ff2be66f86..000000000000
--- a/www-apps/websvn/files/31_CVE-2016-1236.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-Description: CVE-2016-1236: XSS via directory or file in a repository containing XSS payload
-Origin: vendor
-Forwarded: no
-Author: Nitin Venkatesh <venkatesh.nitin@gmail.com>
-Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
-Last-Update: 2016-05-08
-
---- a/revision.php
-+++ b/revision.php
-@@ -145,7 +145,7 @@ if ($rep) {
- }
- $resourceExisted = $change->action == 'M' || $change->copyfrom;
- $listing[] = array(
-- 'path' => $change->path,
-+ 'path' => escape($change->path),
- 'oldpath' => $change->copyfrom ? $change->copyfrom.' @ '.$change->copyrev : '',
- 'action' => $change->action,
- 'added' => $change->action == 'A',
---- a/log.php
-+++ b/log.php
-@@ -323,6 +323,9 @@ if ($rep) {
- $listing[$index]['revadded'] = (isset($modpaths['A'])) ? implode('<br/>', $modpaths['A']) : '';
- $listing[$index]['revdeleted'] = (isset($modpaths['D'])) ? implode('<br/>', $modpaths['D']) : '';
- $listing[$index]['revmodified'] = (isset($modpaths['M'])) ? implode('<br/>', $modpaths['M']) : '';
-+ $listing[$index]['revadded'] = escape($listing[$index]['revadded']);
-+ $listing[$index]['revdeleted'] = escape($listing[$index]['revdeleted']);
-+ $listing[$index]['revmodified'] = escape($listing[$index]['revmodified']);
- }
-
- $row = 1 - $row;
---- a/comp.php
-+++ b/comp.php
-@@ -381,7 +381,7 @@ if ($rep) {
- $absnode .= $node;
- }
-
-- $listing[$index]['newpath'] = $absnode;
-+ $listing[$index]['newpath'] = escape($absnode);
-
- $listing[$index]['fileurl'] = $config->getURL($rep, $absnode, 'file').'rev='.$rev2;
-
---- a/listing.php
-+++ b/listing.php
-@@ -123,7 +123,7 @@ function showDirFiles($svnrep, $subs, $l
- $listing[$index]['level'] = ($treeview) ? $level : 0;
- $listing[$index]['node'] = 0; // t-node
- $listing[$index]['path'] = $path.$file;
-- $listing[$index]['filename'] = $file;
-+ $listing[$index]['filename'] = escape($file);
- if ($isDir) {
- $listing[$index]['fileurl'] = urlForPath($path.$file, $passRevString);
- } else {
-@@ -137,7 +137,7 @@ function showDirFiles($svnrep, $subs, $l
- }
-
- if ($treeview) {
-- $listing[$index]['compare_box'] = '<input type="checkbox" name="compare[]" value="'.$path.$file.'@'.$passrev.'" onclick="checkCB(this)" />';
-+ $listing[$index]['compare_box'] = '<input type="checkbox" name="compare[]" value="'.escape($path.$file).'@'.$passrev.'" onclick="checkCB(this)" />';
- }
- if ($config->showLastModInListing()) {
- $listing[$index]['committime'] = $entry->committime;