Give the user a chance to disable our local anti-DoS patch, which

appears to be conflict with phpBB's built-in captcha functionality.

Please note that this does not change the default behavior (patch
phpBB for the DoS issue), and this is intentionally undocumented.
Hopefully we can get rid of all these home-grown stuff as the
phpBB make their 2.2-release.

Requested by:	Goyo Roth <sadangel@pow2clk.net>
PR:		ports/93204
Submitted by:	delphij
Approved by:	Kang Liu <liukang@cn.FreeBSD.org>
Approved by:	mentor (sem)

2 files changed, 8 insertions, 0 deletions

diff --git a/www/phpbb/Makefile b/www/phpbb/Makefile
index 0490e4d65982..a629909a6f27 100644
--- a/www/phpbb/Makefile
+++ b/www/phpbb/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	phpbb
 PORTVERSION=	2.0.20
+PORTREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
@@ -31,6 +32,13 @@ WWWGRP?=	www
 #
 # End of user-configurable variables.
 
+# XXX The phpBB folks does not seem to care about the session table DoS
+#     issue.  You can disable the patch at your own risk to make the
+#     visual authentication work.
+.if !defined(WITHOUT_ANTI_SESSIONTAB_DOS_PATCH)
+EXTRA_PATCHES=	${FILESDIR}/security-patch-includes-sessions.php
+.endif
+
 # Set/override/append to variables from bsd.port.mk:
 #
 WRKSRC=		${WRKDIR}/phpBB2
diff --git a/www/phpbb/files/patch-includes-sessions.php b/www/phpbb/files/security-patch-includes-sessions.php
index a84aa2f04322..a84aa2f04322 100644
--- a/www/phpbb/files/patch-includes-sessions.php
+++ b/www/phpbb/files/security-patch-includes-sessions.php