Diffstat (limited to 'net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch')
-rw-r--r--net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch
new file mode 100644
index 000000000000..b5ae92d0425c
--- /dev/null
+++ b/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch
@@ -0,0 +1,27 @@
+From 64668e882b8866fae0fa1b25375d1a2f3b4672e2 Mon Sep 17 00:00:00 2001
+From: Deon George <wurley@users.sf.net>
+Date: Wed, 27 Jul 2011 07:30:06 +1000
+Subject: [PATCH] Remove XSS vulnerabilty in debug code
+
+---
+ htdocs/cmd.php | 4 ----
+ 1 files changed, 0 insertions(+), 4 deletions(-)
+
+diff --git a/htdocs/cmd.php b/htdocs/cmd.php
+index 34f3848..0ddf004 100644
+--- a/htdocs/cmd.php
++++ b/htdocs/cmd.php
+@@ -19,10 +19,6 @@ $www['meth'] = get_request('meth','REQUEST');
+ ob_start();
+
+ switch ($www['cmd']) {
+- case '_debug':
+- debug_dump($_REQUEST,1);
+- break;
+-
+ default:
+ if (defined('HOOKSDIR') && file_exists(HOOKSDIR.$www['cmd'].'.php'))
+ $app['script_cmd'] = HOOKSDIR.$www['cmd'].'.php';
+--
+1.7.4.1
+
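Review bot: The `default:` branch kept as context in the inner patch still builds `HOOKSDIR.$www['cmd'].'.php'` from `$www['cmd']`, which is presumably request-derived in the same way as `$www['meth']` on the hunk-header line. The patch removes only the `_debug` case, and nothing visible here shows whether `cmd` is constrained to a plain file name. It is worth confirming that upstream validates the value before the path is used, for example by rejecting requests where `basename($www['cmd']) !== $www['cmd']`. The `switch` body continues outside the inner hunk, so a later check may exist. The file name says "fix-cmd-exploit" while the Subject line describes an XSS in debug code, so a one-line header in the patch naming the issue it addresses would help later maintainers.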