[gentoo-commits] repo/gentoo:master commit in: net-nds/phpldapadmin/files/

[gentoo-commits] repo/gentoo:master commit in: net-nds/phpldapadmin/files/

[Michael Palimaka]

commit:     09a069f6ee2dd1e495a5cbf236d0607c66f997a3
Author:     Michael Mair-Keimberger (asterix) <m.mairkeimberger <AT> gmail <DOT> com>
AuthorDate: Fri Jan 27 15:29:20 2017 +0000
Commit:     Michael Palimaka <kensington <AT> gentoo <DOT> org>
CommitDate: Sun Jan 29 17:41:35 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09a069f6

net-nds/phpldapadmin: remove unused patches

 .../phpldapadmin-1.2.1.1-fix-cmd-exploit.patch     | 27 -----------------
 ...hpldapadmin-1.2.1.1-fix-functions-exploit.patch | 28 ------------------
 .../files/phpldapadmin-1.2.2-base.patch            | 34 ----------------------
 3 files changed, 89 deletions(-)

diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch
deleted file mode 100644
index b5ae92d..00000000
--- a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 64668e882b8866fae0fa1b25375d1a2f3b4672e2 Mon Sep 17 00:00:00 2001
-From: Deon George <wurley@users.sf.net>
-Date: Wed, 27 Jul 2011 07:30:06 +1000
-Subject: [PATCH] Remove XSS vulnerabilty in debug code
-
----
- htdocs/cmd.php |    4 ----
- 1 files changed, 0 insertions(+), 4 deletions(-)
-
-diff --git a/htdocs/cmd.php b/htdocs/cmd.php
-index 34f3848..0ddf004 100644
---- a/htdocs/cmd.php
-+++ b/htdocs/cmd.php
-@@ -19,10 +19,6 @@ $www['meth'] = get_request('meth','REQUEST');
- ob_start();
- 
- switch ($www['cmd']) {
--	case '_debug':
--		debug_dump($_REQUEST,1);
--		break;
--
- 	default:
- 		if (defined('HOOKSDIR') && file_exists(HOOKSDIR.$www['cmd'].'.php'))
- 			$app['script_cmd'] = HOOKSDIR.$www['cmd'].'.php';
--- 
-1.7.4.1
-

diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch
deleted file mode 100644
index bc18b45..00000000
--- a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-functions-exploit.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 76e6dad13ef77c5448b8dfed1a61e4acc7241165 Mon Sep 17 00:00:00 2001
-From: Deon George <wurley@users.sf.net>
-Date: Thu, 6 Oct 2011 09:03:20 +1100
-Subject: [PATCH] SF Bug #3417184 - PHP Code Injection Vulnerability
-
----
- lib/functions.php |    5 +++--
- 1 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/lib/functions.php b/lib/functions.php
-index 19fde99..eb160dc 100644
---- a/lib/functions.php
-+++ b/lib/functions.php
-@@ -1003,8 +1003,9 @@ function masort(&$data,$sortby,$rev=0) {
- 	if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
- 		debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
- 
--	# if the array to sort is null or empty
--	if (! $data) return;
-+	# if the array to sort is null or empty, or if we have some nasty chars
-+	if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data)
-+		return;
- 
- 	static $CACHE = array();
- 
--- 
-1.7.4.1
-

diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch
deleted file mode 100644
index bff3c62..00000000
--- a/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 7dc8d57d6952fe681cb9e8818df7f103220457bd Mon Sep 17 00:00:00 2001
-From: Deon George <wurley@users.sf.net>
-Date: Tue, 24 Jan 2012 12:37:28 +1100
-Subject: [PATCH] SF Bug #3477910 - XSS vulnerability in query
-
----
- lib/QueryRender.php |    4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/QueryRender.php b/lib/QueryRender.php
-index 291ec40..685f3ba 100644
---- a/lib/QueryRender.php
-+++ b/lib/QueryRender.php
-@@ -497,7 +497,7 @@ class QueryRender extends PageRender {
- 				$this->getAjaxRef($base),
- 				$this->getAjaxRef($base),
- 				($show == $this->getAjaxRef($base) ? '#F0F0F0' : '#E0E0E0'),
--				$base);
-+				htmlspecialchars($base));
- 		}
- 		echo '</tr>';
- 		echo '</table>';
-@@ -545,7 +545,7 @@ class QueryRender extends PageRender {
- 		echo ' ]</small>';
- 
- 		echo '<br />';
--		printf('<small>%s: <b>%s</b></small>',_('Base DN'),$base);
-+		printf('<small>%s: <b>%s</b></small>',_('Base DN'),htmlspecialchars($base));
- 
- 		echo '<br />';
- 		printf('<small>%s: <b>%s</b></small>',_('Filter performed'),htmlspecialchars($this->template->resultsdata[$base]['filter']));
--- 
-1.7.4.1
-

[gentoo-commits] repo/gentoo:master commit in: net-nds/phpldapadmin/files/

[Aaron Bauman]

commit:     8af5031208d64185e8104a6b94282b24a227541e
Author:     Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com>
AuthorDate: Sat Dec 14 08:03:14 2019 +0000
Commit:     Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Sat Dec 14 21:48:58 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8af50312

net-nds/phpldapadmin: remove unused patch

Signed-off-by: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/13979
Signed-off-by: Aaron Bauman <bman <AT> gentoo.org>

 .../files/phpldapadmin-fix-php5.5-support.patch    | 152 ---------------------
 1 file changed, 152 deletions(-)

diff --git a/net-nds/phpldapadmin/files/phpldapadmin-fix-php5.5-support.patch b/net-nds/phpldapadmin/files/phpldapadmin-fix-php5.5-support.patch
deleted file mode 100644
index df6a7c16375..00000000000
--- a/net-nds/phpldapadmin/files/phpldapadmin-fix-php5.5-support.patch
+++ /dev/null
@@ -1,152 +0,0 @@
-commit 7e53dab990748c546b79f0610c3a7a58431e9ebc
-Author: Michael Laccetti <michael@laccetti.com>
-Date:   Thu Aug 29 09:13:56 2013 -0400
-
-    Fixed two issues to get phpLdapAdmin to work under PHP 5.5.x
-    1) password_hash is an actual function, so renamed instances to password_hash_custom (HT: https://sourceforge.net/mailarchive/message.php?msg_id=31302386)
-    2) Fixed the preg_replace to preg_replace_callback to use the /e/ functionality in the officially endorsed fashion
-
-diff --git a/lib/PageRender.php b/lib/PageRender.php
-index 7d86a54..eed5d5f 100644
---- a/lib/PageRender.php
-+++ b/lib/PageRender.php
-@@ -287,7 +287,7 @@ class PageRender extends Visitor {
- 						break;
- 
- 					default:
--						$vals[$i] = password_hash($passwordvalue,$enc);
-+						$vals[$i] = password_hash_custom($passwordvalue,$enc);
- 				}
- 
- 				$vals = array_unique($vals);
-@@ -957,7 +957,7 @@ class PageRender extends Visitor {
- 		if (trim($val))
- 			$enc_type = get_enc_type($val);
- 		else
--			$enc_type = $server->getValue('appearance','password_hash');
-+			$enc_type = $server->getValue('appearance','password_hash_custom');
- 
- 		$obfuscate_password = obfuscate_password_display($enc_type);
- 
-@@ -982,7 +982,7 @@ class PageRender extends Visitor {
- 		if (trim($val))
- 			$enc_type = get_enc_type($val);
- 		else
--			$enc_type = $server->getValue('appearance','password_hash');
-+			$enc_type = $server->getValue('appearance','password_hash_custom');
- 
- 		echo '<table cellspacing="0" cellpadding="0"><tr><td valign="top">';
- 
-diff --git a/lib/ds_ldap.php b/lib/ds_ldap.php
-index c346660..7532539 100644
---- a/lib/ds_ldap.php
-+++ b/lib/ds_ldap.php
-@@ -1116,13 +1116,24 @@ class ldap extends DS {
- 
- 		if (is_array($dn)) {
- 			$a = array();
--			foreach ($dn as $key => $rdn)
--				$a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn);
-+			foreach ($dn as $key => $rdn) {
-+				$a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
-+					function ($m) {
-+						return ''.chr(hexdec('\\1')).'';
-+					},
-+					$rdn
-+					);
-+			}
- 
- 			return $a;
- 
- 		} else
--			return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn);
-+			 return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
-+				function ($m) {
-+					return ''.chr(hexdec('\\1')).'';
-+				},
-+				$dn
-+			);
- 	}
- 
- 	public function getRootDSE($method=null) {
-diff --git a/lib/ds_ldap_pla.php b/lib/ds_ldap_pla.php
-index 7ece393..6b0990e 100644
---- a/lib/ds_ldap_pla.php
-+++ b/lib/ds_ldap_pla.php
-@@ -16,7 +16,7 @@ class ldap_pla extends ldap {
- 	function __construct($index) {
- 		parent::__construct($index);
- 
--		$this->default->appearance['password_hash'] = array(
-+		$this->default->appearance['password_hash_custom'] = array(
- 			'desc'=>'Default HASH to use for passwords',
- 			'default'=>'md5');
- 
-diff --git a/lib/functions.php b/lib/functions.php
-index 56d8bf3..5ac3caf 100644
---- a/lib/functions.php
-+++ b/lib/functions.php
-@@ -2127,7 +2127,7 @@ function password_types() {
-  *        crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, sha512, or clear.
-  * @return string The hashed password.
-  */
--function password_hash($password_clear,$enc_type) {
-+function password_hash_custom($password_clear,$enc_type) {
- 	if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
- 		debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
- 
-@@ -2318,7 +2318,7 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
- 
- 		# SHA crypted passwords
- 		case 'sha':
--			if (strcasecmp(password_hash($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0)
-+			if (strcasecmp(password_hash_custom($plainpassword,'sha'),'{SHA}'.$cryptedpassword) == 0)
- 				return true;
- 			else
- 				return false;
-@@ -2327,7 +2327,7 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
- 
- 		# MD5 crypted passwords
- 		case 'md5':
--			if( strcasecmp(password_hash($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0)
-+			if( strcasecmp(password_hash_custom($plainpassword,'md5'),'{MD5}'.$cryptedpassword) == 0)
- 				return true;
- 			else
- 				return false;
-@@ -2392,7 +2392,7 @@ function password_check($cryptedpassword,$plainpassword,$attribute='userpassword
- 
- 		# SHA512 crypted passwords
- 		case 'sha512':
--			if (strcasecmp(password_hash($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
-+			if (strcasecmp(password_hash_custom($plainpassword,'sha512'),'{SHA512}'.$cryptedpassword) == 0)
- 				return true;
- 			else
- 				return false;
-@@ -2564,13 +2564,24 @@ function dn_unescape($dn) {
- 	if (is_array($dn)) {
- 		$a = array();
- 
--		foreach ($dn as $key => $rdn)
--			$a[$key] = preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn);
-+		foreach ($dn as $key => $rdn) {
-+			$a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
-+				function ($m) {
-+					return ''.chr(hexdec('\\1')).'';
-+				},
-+				$rdn
-+			);
-+		}
- 
- 		return $a;
- 
- 	} else {
--		return preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn);
-+		 return  preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',
-+			 function ($m) {
-+				return ''.chr(hexdec('\\1')).'';
-+			},
-+			$dn
-+		);
- 	}
- }
-