[Pkg-sql-ledger-commit] r614 - ledger-smb/trunk/debian/patches
pkg-sql-ledger-commit-owner at lists.alioth.debian.org
pkg-sql-ledger-commit-owner at lists.alioth.debian.org
Sun Jul 29 01:55:34 UTC 2012
Author: jame-guest
Date: 2012-07-29 01:55:34 +0000 (Sun, 29 Jul 2012)
New Revision: 614
Added:
ledger-smb/trunk/debian/patches/20_fs-cssdir-fix.patch
Modified:
ledger-smb/trunk/debian/patches/series
Log:
Add 20_fs-cssdir-fix.patch to fix css directory transversal error.
Added: ledger-smb/trunk/debian/patches/20_fs-cssdir-fix.patch
===================================================================
--- ledger-smb/trunk/debian/patches/20_fs-cssdir-fix.patch (rev 0)
+++ ledger-smb/trunk/debian/patches/20_fs-cssdir-fix.patch 2012-07-29 01:55:34 UTC (rev 614)
@@ -0,0 +1,16 @@
+Origin: upstream, http://ledger-smb.svn.sourceforge.net/ledger-smb/?rev=5042&view=rev
+Description: Fix for fs_cssdir directory transversal error.
+--- a/LedgerSMB/AM.pm
++++ b/LedgerSMB/AM.pm
+@@ -1501,6 +1501,11 @@
+
+ my @allowedsuff = qw(css tex txt html xml);
+ my $test = $form->{file};
++ $test =~ s|^$LedgerSMB::Sysconfig::fs_cssdir||;
++ if ($LedgerSMB::Sysconfig::fs_cssdir
++ and $LedgerSMB::Sysconfig::fs_cssdir !~ m|/$|){
++ $test =~ s|^/||;
++ }
+ if ($LedgerSMB::Sysconfig::templates =~ /^(.:)*?\//){
+ $test =~ s#^$LedgerSMB::Sysconfig::templates/?\\?##;
+ }
Modified: ledger-smb/trunk/debian/patches/series
===================================================================
--- ledger-smb/trunk/debian/patches/series 2012-07-14 22:23:03 UTC (rev 613)
+++ ledger-smb/trunk/debian/patches/series 2012-07-29 01:55:34 UTC (rev 614)
@@ -1,3 +1,4 @@
05_confdir.patch
10_httpdconf.patch
15_UI-setup-credentials.patch
+20_fs-cssdir-fix.patch
More information about the Pkg-sql-ledger-commit
mailing list