o Fix two vulnerabilities.

http://www.phpbb.com/news.php?id=17 * phpBB SQL Injection vulnerability http://www.phpbb.com/phpBB/viewtopic.php?t=112052 * PHPBB Admin_Styles.PHP Theme_Info.CFG File Include Vulnerability http://www.securityfocus.com/bid/7932/credit/ http://www.phpbb.com/phpBB/viewtopic.php?t=113826 o Bump PORTREVISION. o Take MAINTAINERship to ports@. PR: ports/54165[1] Submitted by: Kang Liu <lazykang@hotmail.com> [1] Ivanchenko V. I. <webmaster@asiamusic.ru>
author: Norikatsu Shigemura <nork@FreeBSD.org> 2003-07-07 08:04:49 +0000
committer: Norikatsu Shigemura <nork@FreeBSD.org> 2003-07-07 08:04:49 +0000
commit: 4020c357c0cdfebf95a9854eb9dd3cdac2647fef (patch)
tree: 83f9f712f59ea954f2082c94caa50aefb0c8b084 /www/phpbb
parent: Add p5-DateTime-Format-Pg 0.04, (diff)
3 files changed, 55 insertions, 2 deletions
diff --git a/www/phpbb/Makefile b/www/phpbb/Makefile
index ea49e1f7cbe3..ae28dc9ddbd2 100644
--- a/www/phpbb/Makefile
+++ b/www/phpbb/Makefile
@@ -7,13 +7,13 @@
 
 PORTNAME=	phpbb
 PORTVERSION=	2.0.5
-#PORTREVISION=	1
+PORTREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
 DISTNAME=	phpBB-${PORTVERSION}
 
-MAINTAINER=	wjv@FreeBSD.org
+MAINTAINER=	ports@FreeBSD.org
 COMMENT=	A PHP-based bulletin board / discussion forum system
 
 RUN_DEPENDS=	${LOCALBASE}/share/pear/System.php:${PORTSDIR}/devel/pear-PEAR
@@ -59,6 +59,8 @@ pre-everything::
 post-patch:
 	@ ${REINPLACE_CMD} -e "s#\.\./templates#/${PHPBBURL}/templates#" \
 	  ${WRKSRC}/docs/*.html
+	@ ${RM} ${WRKSRC}/viewtopic.php.orig
+	@ ${RM} ${WRKSRC}/admin/admin_styles.php.orig
 
 post-configure:
 	@ ${SED} \
diff --git a/www/phpbb/files/patch-admin::admin_styles.php b/www/phpbb/files/patch-admin::admin_styles.php
new file mode 100644
index 000000000000..04f9c2048643
--- /dev/null
+++ b/www/phpbb/files/patch-admin::admin_styles.php
@@ -0,0 +1,24 @@
+--- admin/admin_styles.php.orig	Sun Dec 22 04:09:58 2002
++++ admin/admin_styles.php	Mon Jul  7 12:59:05 2003
+@@ -39,16 +39,14 @@
+ // Check if the user has cancled a confirmation message.
+ //
+ $phpbb_root_path = "./../";
++require($phpbb_root_path . 'extension.inc');
+ 
+ $confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
+ $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;
+ 
+-if (empty($HTTP_POST_VARS['send_file']))
+-{
+-	$no_page_header = ( $cancel ) ? TRUE : FALSE;
+-	require($phpbb_root_path . 'extension.inc');
+-	require('./pagestart.' . $phpEx);
+-}
++$no_page_header = (!empty($HTTP_POST_VARS['send_file']) || $cancel) ? TRUE : FALSE;
++
++require('./pagestart.' . $phpEx);
+ 
+ if ($cancel)
+ {
+
diff --git a/www/phpbb/files/patch-viewtopic.php b/www/phpbb/files/patch-viewtopic.php
new file mode 100644
index 000000000000..857e844f41a7
--- /dev/null
+++ b/www/phpbb/files/patch-viewtopic.php
@@ -0,0 +1,27 @@
+--- viewtopic.php.orig	Mon Jul  7 12:23:41 2003
++++ viewtopic.php	Mon Jul  7 12:25:01 2003
+@@ -29,6 +29,7 @@
+ //
+ // Start initial var setup
+ //
++$topic_id = $post_id = false;
+ if ( isset($HTTP_GET_VARS[POST_TOPIC_URL]) )
+ {
+ 	$topic_id = intval($HTTP_GET_VARS[POST_TOPIC_URL]);
+@@ -134,11 +135,11 @@
+ // also allows for direct linking to a post (and the calculation of which
+ // page the post is on and the correct display of viewtopic)
+ //
+-$join_sql_table = ( !isset($post_id) ) ? '' : ", " . POSTS_TABLE . " p, " . POSTS_TABLE . " p2 ";
+-$join_sql = ( !isset($post_id) ) ? "t.topic_id = $topic_id" : "p.post_id = $post_id AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_id <= $post_id";
+-$count_sql = ( !isset($post_id) ) ? '' : ", COUNT(p2.post_id) AS prev_posts";
++$join_sql_table = ( empty($post_id) ) ? '' : ", " . POSTS_TABLE . " p, " . POSTS_TABLE . " p2 ";
++$join_sql = ( empty($post_id) ) ? "t.topic_id = $topic_id" : "p.post_id = $post_id AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_id <= $post_id";
++$count_sql = ( empty($post_id) ) ? '' : ", COUNT(p2.post_id) AS prev_posts";
+ 
+-$order_sql = ( !isset($post_id) ) ? '' : "GROUP BY p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, t.topic_type, t.topic_vote, t.topic_last_post_id, f.forum_name, f.forum_status, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_sticky, f.auth_announce, f.auth_pollcreate, f.auth_vote, f.auth_attachments ORDER BY p.post_id ASC";
++$order_sql = ( empty($post_id) ) ? '' : "GROUP BY p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, t.topic_type, t.topic_vote, t.topic_last_post_id, f.forum_name, f.forum_status, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_sticky, f.auth_announce, f.auth_pollcreate, f.auth_vote, f.auth_attachments ORDER BY p.post_id ASC";
+ 
+ $sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, t.topic_type, t.topic_vote, t.topic_last_post_id, f.forum_name, f.forum_status, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_sticky, f.auth_announce, f.auth_pollcreate, f.auth_vote, f.auth_attachments" . $count_sql . "
+ 	FROM " . TOPICS_TABLE . " t, " . FORUMS_TABLE . " f" . $join_sql_table . "
+
author	Norikatsu Shigemura <nork@FreeBSD.org>	2003-07-07 08:04:49 +0000
committer	Norikatsu Shigemura <nork@FreeBSD.org>	2003-07-07 08:04:49 +0000
commit	4020c357c0cdfebf95a9854eb9dd3cdac2647fef (patch)
tree	83f9f712f59ea954f2082c94caa50aefb0c8b084 /www/phpbb
parent	Add p5-DateTime-Format-Pg 0.04, (diff)