diff options
| -rw-r--r-- | www/phpbb/Makefile | 8 | ||||
| -rw-r--r-- | www/phpbb/files/security-patch-includes-sessions.php | 11 |
2 files changed, 1 insertions, 18 deletions
diff --git a/www/phpbb/Makefile b/www/phpbb/Makefile index d4a07b676c28..f57d06e2e22c 100644 --- a/www/phpbb/Makefile +++ b/www/phpbb/Makefile @@ -7,6 +7,7 @@ PORTNAME= phpbb PORTVERSION= 2.0.22 +PORTREVISION= 1 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} @@ -31,13 +32,6 @@ WWWGRP?= www # # End of user-configurable variables. -# XXX The phpBB folks does not seem to care about the session table DoS -# issue. You can disable the patch at your own risk to make the -# visual authentication work. -.if !defined(WITHOUT_ANTI_SESSIONTAB_DOS_PATCH) -EXTRA_PATCHES= ${FILESDIR}/security-patch-includes-sessions.php -.endif - # Set/override/append to variables from bsd.port.mk: # WRKSRC= ${WRKDIR}/phpBB2 diff --git a/www/phpbb/files/security-patch-includes-sessions.php b/www/phpbb/files/security-patch-includes-sessions.php deleted file mode 100644 index a84aa2f04322..000000000000 --- a/www/phpbb/files/security-patch-includes-sessions.php +++ /dev/null @@ -1,11 +0,0 @@ ---- includes/sessions.php.orig Sat May 14 05:04:00 2005 -+++ includes/sessions.php Sun May 15 18:53:48 2005 -@@ -167,7 +167,7 @@ - $sql = "INSERT INTO " . SESSIONS_TABLE . " - (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin) - VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin)"; -- if ( !$db->sql_query($sql) ) -+ if ( $user_id != ANONYMOUS && !$db->sql_query($sql) ) - { - message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql); - } |