From f711231ca669f59173800dc3cad4f84fabe7d50c Mon Sep 17 00:00:00 2001 From: TBK Date: Fri, 31 May 2019 15:58:42 +0200 Subject: community/phpldapadmin: upgrade to 1.2.4 Closes GH-8326 --- community/phpldapadmin/CVE-2017-11107.patch | 31 ----------------------------- 1 file changed, 31 deletions(-) delete mode 100644 community/phpldapadmin/CVE-2017-11107.patch (limited to 'community/phpldapadmin/CVE-2017-11107.patch') diff --git a/community/phpldapadmin/CVE-2017-11107.patch b/community/phpldapadmin/CVE-2017-11107.patch deleted file mode 100644 index f161d0e46a..0000000000 --- a/community/phpldapadmin/CVE-2017-11107.patch +++ /dev/null @@ -1,31 +0,0 @@ -Description: Fix multiple Cross-Site Scripting vulnerabilities in file htdocs/entry_chooser.php. -Author: Ismail Belkacim -Bug-Ubuntu: https://bugs.launchpad.net/bugs/1701731 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ -Index: phpldapadmin-1.2.2/htdocs/entry_chooser.php -=================================================================== ---- phpldapadmin-1.2.2.orig/htdocs/entry_chooser.php -+++ phpldapadmin-1.2.2/htdocs/entry_chooser.php -@@ -15,9 +15,9 @@ $www['page'] = new page(); - - $request = array(); - $request['container'] = get_request('container','GET'); --$request['form'] = get_request('form','GET'); --$request['element'] = get_request('element','GET'); --$request['rdn'] = get_request('rdn','GET'); -+$request['form'] = htmlspecialchars(addslashes(get_request('form','GET'))); -+$request['element'] = htmlspecialchars(addslashes(get_request('element','GET'))); -+$request['rdn'] = htmlspecialchars(addslashes(get_request('rdn','GET'))); - - echo '
'; - printf('

%s

',_('Entry Chooser')); -@@ -33,7 +33,7 @@ echo ''; - echo ''; - if ($request['container']) { - printf('',_('Server'),$app['server']->getName()); -- printf('',_('Looking in'),$request['container']); -+ printf('',_('Looking in'),htmlspecialchars($request['container'])); - echo ''; - } - -- cgit v1.2.3
%s:%s
%s:%s
%s:%s