Gentoo Archives: gentoo-commits

From: "Matti Bickel (mabi)" <mabi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in dev-php/jpgraph/files: cve-2009-4422.patch
Date: Mon, 11 Jun 2012 15:13:13
Message-Id: 20120611151254.57B7F2004C@flycatcher.gentoo.org
1 mabi 12/06/11 15:12:54
2
3 Added: cve-2009-4422.patch
4 Log:
5 bump to fix security issue (bug #303745), also move jpgraph install path to /usr/share/php/jpgraph (losing the src part)
6
7 (Portage version: 2.2.0_alpha110/cvs/Linux x86_64)
8
9 Revision Changes Path
10 1.1 dev-php/jpgraph/files/cve-2009-4422.patch
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-php/jpgraph/files/cve-2009-4422.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-php/jpgraph/files/cve-2009-4422.patch?rev=1.1&content-type=text/plain
14
15 Index: cve-2009-4422.patch
16 ===================================================================
17 diff -ur jpgraph-3.0.7.orig/src/jpgraph.php jpgraph-3.0.7/src/jpgraph.php
18 --- jpgraph-3.0.7.orig/src/jpgraph.php 1970-01-01 10:13:08.000000000 +0100
19 +++ jpgraph-3.0.7/src/jpgraph.php 2012-06-11 14:55:18.557995018 +0200
20 @@ -1286,11 +1286,11 @@
21 while( list($key,$value) = each($_GET) ) {
22 if( is_array($value) ) {
23 foreach ( $value as $k => $v ) {
24 - $urlarg .= '&amp;'.$key.'%5B'.$k.'%5D='.urlencode($v);
25 + $urlarg .= '&amp;'.urlencode($key).'%5B'.$k.'%5D='.urlencode($v);
26 }
27 }
28 else {
29 - $urlarg .= '&amp;'.$key.'='.urlencode($value);
30 + $urlarg .= '&amp;'.urlencode($key).'='.urlencode($value);
31 }
32 }
33
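Review bot: In the array branch of this $_GET loop the inner index $k is still concatenated raw between '%5B' and '%5D'; only the outer key and the value are encoded. $k is a key of the submitted array and is request-controlled just like $key, so it should be encoded as well, for example '&amp;'.urlencode($key).'%5B'.urlencode($k).'%5D='.urlencode($v). The scalar branch looks complete.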
34 @@ -1301,11 +1301,11 @@
35 while( list($key,$value) = each($_POST) ) {
36 if( is_array($value) ) {
37 foreach ( $value as $k => $v ) {
38 - $urlarg .= '&amp;'.$key.'%5B'.$k.'%5D='.urlencode($v);
39 + $urlarg .= '&amp;'.htmlentities($key).'%5B'.$k.'%5D='.htmlentities($v);
40 }
41 }
42 else {
43 - $urlarg .= '&amp;'.$key.'='.urlencode($value);
44 + $urlarg .= '&amp;'.htmlentities($key).'='.htmlentities($value);
45 }
46 }
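Review bot: The $_POST loop uses htmlentities() for key and value where the $_GET loop above uses urlencode(), and it drops the urlencode() the values previously had. $urlarg is assembled as a query string (pairs joined with '&amp;', brackets written as '%5B' and '%5D'), and htmlentities() does not percent-encode characters such as '=', '+', '%', '#' or spaces, so a POST value containing them no longer survives intact in the generated URL. Suggest urlencode() here too, matching the first hunk, unless there is a reason for the difference that the commit message should state. As in the first hunk, the inner index $k in the array branch is still appended unencoded.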