dertobi123 08/11/28 15:55:15 |
|
Added: smarty-2.6.20-CVE-2008-4810.patch |
Log: |
Revision bump for security bug #243856 |
(Portage version: 2.2_rc16/cvs/Linux 2.6.25-gentoo-r7 x86_64) |
|
Revision Changes Path |
1.1 dev-php/smarty/files/smarty-2.6.20-CVE-2008-4810.patch |
|
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-php/smarty/files/smarty-2.6.20-CVE-2008-4810.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-php/smarty/files/smarty-2.6.20-CVE-2008-4810.patch?rev=1.1&content-type=text/plain |
|
Index: smarty-2.6.20-CVE-2008-4810.patch |
15 |
=================================================================== |
16 |
------------------------------------------------------------------------ |
17 |
r2784 | Uwe.Tews | 2008-09-18 23:03:32 +0200 (Thu, 18 Sep 2008) | 1 line |
18 |
|
19 |
- fix function injection security hole closed (U.Tews) |
20 |
------------------------------------------------------------------------ |
21 |
r2796 | monte.ohrt | 2008-09-22 17:29:16 +0200 (Mon, 22 Sep 2008) | 3 lines |
22 |
|
23 |
revert patch for secuity hole, update site url |
24 |
|
25 |
|
26 |
------------------------------------------------------------------------ |
27 |
r2797 | monte.ohrt | 2008-09-22 21:26:32 +0200 (Mon, 22 Sep 2008) | 3 lines |
28 |
|
29 |
patch for security, php executed in templates |
30 |
|
31 |
|
32 |
------------------------------------------------------------------------ |
33 |
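--- a/libs/Smarty_Compiler.class.php
+++ b/libs/Smarty_Compiler.class.php
@@ -1705,6 +1705,8 @@
 }
 // replace double quoted literal string with single quotes
 $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
+ // escape dollar sign if not printing a var
+ $_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return);
 return $_return;
 }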
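Review bot: The added `preg_replace('~\$(\W)~', ...)` prepends a backslash to `$` without checking what precedes it, so where `$_return` already holds a backslash directly before the dollar sign the two backslashes pair up and the `$` is presumably left unescaped in the generated PHP string. Because `(\W)` consumes the following character, a `$` at the very end of the string, or one directly after another matched `$`, is never examined. The escape should apply only when the `$` follows an even number of backslashes, and a lookahead `(?=\W)` would avoid consuming the next character. Until that is done, a comment such as `// NOTE: does not handle a backslash already preceding '$'` would record the limitation next to the call. The enclosing function starts outside the hunk, so how `$_return` is quoted afterwards cannot be confirmed from here.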