-rw-r--r-- | main/roundcubemail/APKBUILD | 8 | ||||
-rw-r--r-- | main/roundcubemail/save_prefs_vulnerability_fix_0.6.patch | 24 |
2 files changed, 29 insertions, 3 deletions
diff --git a/main/roundcubemail/APKBUILD b/main/roundcubemail/APKBUILD
index 401f87b45e1..da66668431c 100644
--- a/main/roundcubemail/APKBUILD
+++ b/main/roundcubemail/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=roundcubemail
 pkgver=0.5.4
-pkgrel=0
+pkgrel=1
 pkgdesc="A PHP web-based mail client"
 url="http://www.roundcube.net"
 arch="noarch"
@@ -11,7 +11,8 @@ depends="php php-imap php-xml php-json php-dom"
 makedepends=""
 subpackages="$pkgname-installer"
 source="http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.gz
- fix-dirs.patch"
+ fix-dirs.patch
+ save_prefs_vulnerability_fix_0.6.patch"
 _src="$srcdir"/roundcubemail-$pkgver
@@ -64,4 +65,5 @@ installer() {
 }
 md5sums="a4a401b87a89eabd5e113d9e2fe2ea84 roundcubemail-0.5.4.tar.gz
-db71db7b5489ac2d0e8d80a0a8b993e0 fix-dirs.patch"
+db71db7b5489ac2d0e8d80a0a8b993e0 fix-dirs.patch
+b6f8b5dc55d6f1b50b5d201296379e53 save_prefs_vulnerability_fix_0.6.patch"
diff --git a/main/roundcubemail/save_prefs_vulnerability_fix_0.6.patch b/main/roundcubemail/save_prefs_vulnerability_fix_0.6.patch
new file mode 100644
index 00000000000..ef8c14b9e2e
--- /dev/null
+++ b/main/roundcubemail/save_prefs_vulnerability_fix_0.6.patch
@@ -0,0 +1,24 @@
+--- a/program/steps/utils/save_pref.inc 2013-03-27 17:16:36.000000000 +0100
++++ b/program/steps/utils/save_pref.inc 2013-03-27 17:17:33.000000000 +0100
+@@ -21,6 +21,21 @@
+
+ $name = get_input_value('_name', RCUBE_INPUT_POST);
+ $value = get_input_value('_value', RCUBE_INPUT_POST);
++$whitelist = array(
++ 'preview_pane',
++ 'list_cols',
++ 'collapsed_folders',
++);
++
++if (!in_array($name, $whitelist)) {
++ raise_error(array('code' => 500, 'type' => 'php',
++ 'file' => __FILE__, 'line' => __LINE__,
++ 'message' => sprintf("Hack attempt detected (user: %s)", $RCMAIL->get_user_name())),
++ true, false);
++
++ $OUTPUT->reset();
++ $OUTPUT->send();
++}
+
+ // save preference value
+ $RCMAIL->user->save_prefs(array($name => $value)); |
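Review bot: Listing `save_prefs_vulnerability_fix_0.6.patch` in `source=` only fetches and checksums the file; nothing in the visible hunks shows it being applied, and `prepare()` lies outside them. If `prepare()` names `fix-dirs.patch` explicitly instead of looping over every `*.patch` entry in `$source`, the package would be rebuilt with `pkgrel=1` but still ship the unpatched `save_pref.inc`. The patch name says 0.6 while `pkgver` is 0.5.4, so it is also worth confirming that it applies without fuzz to `program/steps/utils/save_pref.inc` in this tarball.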
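Review bot: The new `save_prefs_vulnerability_fix_0.6.patch` line extends `md5sums`, which is the only integrity check visible in these hunks for a tarball that `source=` downloads over plain `http://`. MD5 is no longer considered collision resistant and is a weak basis for verifying a build input. If the abuild version in use accepts a stronger array such as `sha512sums`, adding one alongside would be the better control. The rest of the APKBUILD is outside the hunks, so another checksum array may already exist there.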
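Review bot: The whitelist guard added to `save_pref.inc` only blocks the write if `$OUTPUT->send()` ends the request. `raise_error(..., true, false)` appears to be called with a non-terminating flag, so if `send()` ever returns, execution falls through to `$RCMAIL->user->save_prefs(array($name => $value))` with the rejected name. Adding `exit;` after `$OUTPUT->send();` makes the rejection independent of how `send()` behaves in the 0.5.4 tree, which is not visible here. `in_array($name, $whitelist, true)` would also avoid loose comparison on a value taken straight from POST.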