ports/152878: [PATCH] www/codeigniter: update to 1.7.3

Bo-Yi Wu appleboy.tw at gmail.com
Tue Dec 7 03:10:11 UTC 2010


>Number:         152878
>Category:       ports
>Synopsis:       [PATCH] www/codeigniter: update to 1.7.3
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 07 03:10:10 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Bo-Yi Wu
>Release:        FreeBSD 7.1-RELEASE-p13 i386
>Organization:
>Environment:
System: FreeBSD freebsd.ee.ccu.edu.tw 7.1-RELEASE-p13 FreeBSD 7.1-RELEASE-p13 #0: Mon Jul 12 17:44:51 UTC 2010 root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386


	
>Description:
	Version 1.7.3 is a security maintenance release. It includes the previously patched Upload class file and a new security fix to prevent possible directory traversal in certain circumstances. There are no other significant changes.

	Remove the port's local patch for the Upload class file.
	
>How-To-Repeat:
	
>Fix:

	

--- codeigniter.patch begins here ---
diff -ruN /usr/ports/www/codeigniter/Makefile codeigniter/Makefile
--- /usr/ports/www/codeigniter/Makefile	2010-11-29 16:47:03.000000000 +0800
+++ codeigniter/Makefile	2010-12-07 10:50:22.000000000 +0800
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	codeigniter
-PORTVERSION=	1.7.2
-PORTREVISION=	1
+PORTVERSION=	1.7.3
 CATEGORIES=	www
 MASTER_SITES=	http://codeigniter.com/download_files/ \
 		LOCAL/glarkin
@@ -149,9 +148,6 @@
 	@${ECHO_MSG} "http://codeigniter.com/user_guide/installation/index.html"
 	@${ECHO_MSG} ""
 
-post-patch:
-	@cd ${WRKSRC} && ${RM} system/libraries/Upload.php.orig
-
 do-install:
 	@cd ${WRKSRC} && ${COPYTREE_SHARE} "${STD_BITS}" ${WWWDIR}
 	@for i in ${CI_CONF_FILES}; do \
diff -ruN /usr/ports/www/codeigniter/distinfo codeigniter/distinfo
--- /usr/ports/www/codeigniter/distinfo	2010-11-29 16:47:03.000000000 +0800
+++ codeigniter/distinfo	2010-12-07 10:30:51.000000000 +0800
@@ -1,3 +1,2 @@
-MD5 (CodeIgniter_1.7.2.zip) = 3ce815c3ee66933d926bb51428371a38
-SHA256 (CodeIgniter_1.7.2.zip) = bb870c1cc7297634fe44b81c5c40023c5175a3c2365da9b18a371274c09b1512
-SIZE (CodeIgniter_1.7.2.zip) = 2227891
+SHA256 (CodeIgniter_1.7.3.zip) = 246fe096959cee0b28afb9fa0914a7521ed66f245ca2fe3c07aabc10ba2b0fdf
+SIZE (CodeIgniter_1.7.3.zip) = 2234093
diff -ruN /usr/ports/www/codeigniter/files/patch-system__libraries__Upload.php codeigniter/files/patch-system__libraries__Upload.php
--- /usr/ports/www/codeigniter/files/patch-system__libraries__Upload.php	2010-07-22 06:26:46.000000000 +0800
+++ codeigniter/files/patch-system__libraries__Upload.php	1970-01-01 08:00:00.000000000 +0800
@@ -1,245 +0,0 @@
---- ./system/libraries/Upload.php.orig	2009-04-22 10:15:09.000000000 -0400
-+++ ./system/libraries/Upload.php	2010-07-12 09:16:30.000000000 -0400
-@@ -6,7 +6,7 @@
-  *
-  * @package		CodeIgniter
-  * @author		ExpressionEngine Dev Team
-- * @copyright	Copyright (c) 2008 - 2009, EllisLab, Inc.
-+ * @copyright	Copyright (c) 2008 - 2010, EllisLab, Inc.
-  * @license		http://codeigniter.com/user_guide/license.html
-  * @link		http://codeigniter.com
-  * @since		Version 1.0
-@@ -26,31 +26,33 @@
-  */
- class CI_Upload {
- 	
--	var $max_size		= 0;
--	var $max_width		= 0;
--	var $max_height		= 0;
--	var $max_filename	= 0;
--	var $allowed_types	= "";
--	var $file_temp		= "";
--	var $file_name		= "";
--	var $orig_name		= "";
--	var $file_type		= "";
--	var $file_size		= "";
--	var $file_ext		= "";
--	var $upload_path	= "";
--	var $overwrite		= FALSE;
--	var $encrypt_name	= FALSE;
--	var $is_image		= FALSE;
--	var $image_width	= '';
--	var $image_height	= '';
--	var $image_type		= '';
--	var $image_size_str	= '';
--	var $error_msg		= array();
--	var $mimes			= array();
--	var $remove_spaces	= TRUE;
--	var $xss_clean		= FALSE;
--	var $temp_prefix	= "temp_file_";
--		
-+	var $max_size				= 0;
-+	var $max_width				= 0;
-+	var $max_height				= 0;
-+	var $max_filename			= 0;
-+	var $allowed_types			= "";
-+	var $file_temp				= "";
-+	var $file_name				= "";
-+	var $orig_name				= "";
-+	var $file_type				= "";
-+	var $file_size				= "";
-+	var $file_ext				= "";
-+	var $upload_path			= "";
-+	var $overwrite				= FALSE;
-+	var $encrypt_name			= FALSE;
-+	var $is_image				= FALSE;
-+	var $image_width			= '';
-+	var $image_height			= '';
-+	var $image_type				= '';
-+	var $image_size_str			= '';
-+	var $error_msg				= array();
-+	var $mimes					= array();
-+	var $remove_spaces			= TRUE;
-+	var $xss_clean				= FALSE;
-+	var $temp_prefix			= "temp_file_";
-+	var $client_name			= '';
-+	
-+	var $_file_name_override	= '';	
- 	/**
- 	 * Constructor
- 	 *
-@@ -101,7 +103,8 @@
- 							'mimes'				=> array(),
- 							'remove_spaces'		=> TRUE,
- 							'xss_clean'			=> FALSE,
--							'temp_prefix'		=> "temp_file_"
-+							'temp_prefix'		=> "temp_file_",
-+							'client_name'		=> ''
- 						);	
- 	
- 	
-@@ -124,6 +127,10 @@
- 				$this->$key = $val;
- 			}
- 		}
-+		
-+		// if a file_name was provided in the config, use it instead of the user input
-+		// supplied file name for all uploads until initialized again
-+		$this->_file_name_override = $this->file_name;
- 	}
- 	
- 	// --------------------------------------------------------------------
-@@ -187,17 +194,12 @@
- 
- 		// Set the uploaded data as class variables
- 		$this->file_temp = $_FILES[$field]['tmp_name'];		
--		$this->file_name = $this->_prep_filename($_FILES[$field]['name']);
--		$this->file_size = $_FILES[$field]['size'];		
-+		$this->file_size = $_FILES[$field]['size'];	
- 		$this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
--		$this->file_type = strtolower($this->file_type);
--		$this->file_ext	 = $this->get_extension($_FILES[$field]['name']);
--		
--		// Convert the file size to kilobytes
--		if ($this->file_size > 0)
--		{
--			$this->file_size = round($this->file_size/1024, 2);
--		}
-+		$this->file_type = strtolower(trim(stripslashes($this->file_type), '"'));
-+		$this->file_name = $this->_prep_filename($_FILES[$field]['name']);
-+		$this->file_ext	 = $this->get_extension($this->file_name);
-+		$this->client_name = $this->file_name;
- 
- 		// Is the file type allowed to be uploaded?
- 		if ( ! $this->is_allowed_filetype())
-@@ -205,6 +207,25 @@
- 			$this->set_error('upload_invalid_filetype');
- 			return FALSE;
- 		}
-+				
-+		// if we're overriding, let's now make sure the new name and type is allowed
-+		if ($this->_file_name_override != '')
-+		{
-+			$this->file_name = $this->_prep_filename($this->_file_name_override);
-+			$this->file_ext  = $this->get_extension($this->file_name);
-+
-+			if ( ! $this->is_allowed_filetype(TRUE))
-+			{
-+				$this->set_error('upload_invalid_filetype');
-+				return FALSE;				
-+			}
-+		}
-+		
-+		// Convert the file size to kilobytes
-+		if ($this->file_size > 0)
-+		{
-+			$this->file_size = round($this->file_size/1024, 2);
-+		}
- 
- 		// Is the file size within the allowed maximum?
- 		if ( ! $this->is_allowed_filesize())
-@@ -312,6 +333,7 @@
- 						'full_path'			=> $this->upload_path.$this->file_name,
- 						'raw_name'			=> str_replace($this->file_ext, '', $this->file_name),
- 						'orig_name'			=> $this->orig_name,
-+						'client_name'		=> $this->client_name,
- 						'file_ext'			=> $this->file_ext,
- 						'file_size'			=> $this->file_size,
- 						'is_image'			=> $this->is_image(),
-@@ -549,43 +571,49 @@
- 	 * @access	public
- 	 * @return	bool
- 	 */	
--	function is_allowed_filetype()
-+	function is_allowed_filetype($ignore_mime = FALSE)
- 	{
- 		if (count($this->allowed_types) == 0 OR ! is_array($this->allowed_types))
- 		{
- 			$this->set_error('upload_no_file_types');
- 			return FALSE;
- 		}
-+		
-+		$ext = strtolower(ltrim($this->file_ext, '.'));
-+		
-+		if ( ! in_array($ext, $this->allowed_types))
-+		{
-+			return FALSE;
-+		}
- 
-+		// Images get some additional checks
- 		$image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe');
- 
--		foreach ($this->allowed_types as $val)
-+		if (in_array($ext, $image_types))
- 		{
--			$mime = $this->mimes_types(strtolower($val));
--
--			// Images get some additional checks
--			if (in_array($val, $image_types))
-+			if (getimagesize($this->file_temp) === FALSE)
- 			{
--				if (getimagesize($this->file_temp) === FALSE)
--				{
--					return FALSE;
--				}
--			}
-+				return FALSE;
-+			}			
-+		}
- 
--			if (is_array($mime))
--			{
--				if (in_array($this->file_type, $mime, TRUE))
--				{
--					return TRUE;
--				}
--			}
--			else
-+		if ($ignore_mime === TRUE)
-+		{
-+			return TRUE;
-+		}
-+		
-+		$mime = $this->mimes_types($ext);
-+				
-+		if (is_array($mime))
-+		{
-+			if (in_array($this->file_type, $mime, TRUE))
- 			{
--				if ($mime == $this->file_type)
--				{
--					return TRUE;
--				}	
--			}		
-+				return TRUE;
-+			}			
-+		}
-+		elseif ($mime == $this->file_type)
-+		{
-+				return TRUE;
- 		}
- 		
- 		return FALSE;
-@@ -918,7 +946,7 @@
- 
- 		foreach ($parts as $part)
- 		{
--			if ($this->mimes_types(strtolower($part)) === FALSE)
-+			if ( ! in_array(strtolower($part), $this->allowed_types) OR $this->mimes_types(strtolower($part)) === FALSE)
- 			{
- 				$filename .= '.'.$part.'_';
- 			}
-@@ -928,13 +956,6 @@
- 			}
- 		}
- 
--		// file name override, since the exact name is provided, no need to
--		// run it through a $this->mimes check.
--		if ($this->file_name != '')
--		{
--			$filename = $this->file_name;
--		}
--
- 		$filename .= '.'.$ext;
- 		
- 		return $filename;
diff -ruN /usr/ports/www/codeigniter/pkg-plist codeigniter/pkg-plist
--- /usr/ports/www/codeigniter/pkg-plist	2010-11-29 16:47:03.000000000 +0800
+++ codeigniter/pkg-plist	2010-12-07 10:47:13.000000000 +0800
@@ -75,8 +75,11 @@
 %%PORTDOCS%%%%DOCSDIR%%/images/codeigniter_1.7.1_library_reference.png
 %%PORTDOCS%%%%DOCSDIR%%/images/file.gif
 %%PORTDOCS%%%%DOCSDIR%%/images/folder.gif
+%%PORTDOCS%%%%DOCSDIR%%/images/nav_bg.jpg
 %%PORTDOCS%%%%DOCSDIR%%/images/nav_bg_darker.jpg
+%%PORTDOCS%%%%DOCSDIR%%/images/nav_separator.jpg
 %%PORTDOCS%%%%DOCSDIR%%/images/nav_separator_darker.jpg
+%%PORTDOCS%%%%DOCSDIR%%/images/nav_toggle.jpg
 %%PORTDOCS%%%%DOCSDIR%%/images/nav_toggle_darker.jpg
 %%PORTDOCS%%%%DOCSDIR%%/images/smile.gif
 %%PORTDOCS%%%%DOCSDIR%%/images/transparent.gif
@@ -102,6 +105,7 @@
 %%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_170.html
 %%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_171.html
 %%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_172.html
+%%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_173.html
 %%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_b11.html
 %%PORTDOCS%%%%DOCSDIR%%/installation/upgrading.html
 %%PORTDOCS%%%%DOCSDIR%%/libraries/benchmark.html
@@ -295,7 +299,6 @@
 %%WWWDIR%%/system/libraries/Ftp.php
 %%WWWDIR%%/system/libraries/Hooks.php
 %%WWWDIR%%/system/libraries/Image_lib.php
-%%WWWDIR%%/system/libraries/index.html
 %%WWWDIR%%/system/libraries/Input.php
 %%WWWDIR%%/system/libraries/Language.php
 %%WWWDIR%%/system/libraries/Loader.php
@@ -311,23 +314,24 @@
 %%WWWDIR%%/system/libraries/Table.php
 %%WWWDIR%%/system/libraries/Trackback.php
 %%WWWDIR%%/system/libraries/Typography.php
+%%WWWDIR%%/system/libraries/URI.php
 %%WWWDIR%%/system/libraries/Unit_test.php
 %%WWWDIR%%/system/libraries/Upload.php
-%%WWWDIR%%/system/libraries/URI.php
 %%WWWDIR%%/system/libraries/User_agent.php
 %%WWWDIR%%/system/libraries/Validation.php
 %%WWWDIR%%/system/libraries/Xmlrpc.php
 %%WWWDIR%%/system/libraries/Xmlrpcs.php
 %%WWWDIR%%/system/libraries/Zip.php
+%%WWWDIR%%/system/libraries/index.html
 %%WWWDIR%%/system/logs/index.html
 %%WWWDIR%%/system/plugins/captcha_pi.php
 %%WWWDIR%%/system/plugins/index.html
 %%WWWDIR%%/system/plugins/js_calendar_pi.php
+%%WWWDIR%%/system/scaffolding/Scaffolding.php
 %%WWWDIR%%/system/scaffolding/images/background.jpg
 %%WWWDIR%%/system/scaffolding/images/index.html
 %%WWWDIR%%/system/scaffolding/images/logo.jpg
 %%WWWDIR%%/system/scaffolding/index.html
-%%WWWDIR%%/system/scaffolding/Scaffolding.php
 %%WWWDIR%%/system/scaffolding/views/add.php
 %%WWWDIR%%/system/scaffolding/views/delete.php
 %%WWWDIR%%/system/scaffolding/views/edit.php
--- codeigniter.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


