[pkg-horde] [SCM] Debian Horde Packages repository: sork-passwd-h3 package branch, upstream+patches, updated. b42c52bb0146889a9bd2b112b13b4f150e7e9cee

Gregory Colpart reg at foulademer.gcolpart.com
Fri Aug 7 23:16:24 UTC 2009 

The following commit has been merged in the upstream+patches branch:
commit b42c52bb0146889a9bd2b112b13b4f150e7e9cee
Author: Gregory Colpart <reg at foulademer.gcolpart.com>
Date:   Sat Aug 8 00:41:45 2009 +0200

    NMU from security team

diff --git a/main.php b/main.php
index 19e6da0..53c141e 100644
--- a/main.php
+++ b/main.php
@@ -15,8 +15,20 @@
 require_once PASSWD_BASE . '/lib/base.php';
 require PASSWD_BASE . '/config/backends.php';
 
+// Get the backend details.
+$backend_key = Util::getFormData('backend', false);
+if (!isset($backends[$backend_key])) {
+    $backend_key = null;
+}
+
+
+
 // Use a do-while to allow easy breaking if an error is found.
 do {
+    if (!$backend_key) {
+        break;
+    }
+
     // Has the user submitted the form yet?
     $submit = Util::getFormData('submit', false);
     if (!$submit) {
@@ -24,8 +36,6 @@ do {
         break;
     }
 
-    // Get the backend details.
-    $backend_key = Util::getFormData('backend', false);
     $driver = $backends[$backend_key]['driver'];
     $params = $backends[$backend_key]['params'];
     $password_policy = isset($backends[$backend_key]['password policy'])
@@ -242,8 +252,8 @@ if ($conf['backend']['backend_list'] == 'shown') {
 
     foreach ($backends as $key => $current_backend) {
         $sel = ($key == $backend_key) ? ' selected="selected"' : '';
-        $backends_list .= "<option value=\"$key\"$sel>";
-        $backends_list .= $current_backend['name'] . '</option>';
+        $backends_list .= '<option value="' . htmlspecialchars($key) . '"' . $sel . '>' .
+            htmlspecialchars($current_backend['name']) . '</option>';
     }
 }
 
diff --git a/templates/main/main.inc b/templates/main/main.inc
index 7899cd8..e373e24 100644
--- a/templates/main/main.inc
+++ b/templates/main/main.inc
@@ -53,7 +53,7 @@ $item = 1;
 <form method="post" action="<?php echo Horde::url('main.php', false, -1, true) ?>" name="passwd">
 <?php echo Util::formInput() ?>
 <?php if ($conf['backend']['backend_list'] == 'hidden'): ?>
-<input type="hidden" name="backend" value="<?php echo $backend_key ?>" />
+<input type="hidden" name="backend" value="<?php echo htmlspecialchars($backend_key) ?>" />
 <?php endif; if ($conf['user']['change'] !== true): ?>
 <input type="hidden" name="userid" value="<?php echo htmlspecialchars($userid) ?>" />
 <?php endif; ?>

-- 
Debian Horde Packages repository: sork-passwd-h3 package

More information about the pkg-horde-hackers mailing list