[debian-edu-commits] debian-edu/pkg-team/ 04/06: debian/patches: Add 0003_xss-vulnerability-on-login-screen.patch. Escape html entities to fix xss at the login screen. (Closes: #753388).
Mike Gabriel
sunweaver at debian.org
Tue Jul 1 12:42:30 UTC 2014
This is an automated email from the git hooks/post-receive script.
sunweaver pushed a commit to branch master
in repository gosa.
commit e8a1651380fee4de005750487e926c2971b86290
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Tue Jul 1 14:10:10 2014 +0200
debian/patches: Add 0003_xss-vulnerability-on-login-screen.patch. Escape html entities to fix xss at the login screen. (Closes: #753388).
---
.../patches/0003_xss-vulnerability-on-login-screen.patch | 14 ++++++++++++++
debian/patches/series | 1 +
2 files changed, 15 insertions(+)
diff --git a/debian/patches/0003_xss-vulnerability-on-login-screen.patch b/debian/patches/0003_xss-vulnerability-on-login-screen.patch
new file mode 100644
index 0000000..b59e7ec
--- /dev/null
+++ b/debian/patches/0003_xss-vulnerability-on-login-screen.patch
@@ -0,0 +1,14 @@
+Author: Benjamin Zapiec
+Description: Escape html entities to fix xss at the login screen
+
+Index: gosa-core/html/index.php
+===================================================================
+--- a/gosa-core/html/index.php (revision 21273)
++++ b/gosa-core/html/index.php (revision 21276)
+@@ -389,5 +389,5 @@
+ /* Fill template with required values */
+ $smarty->assign ('date', gmdate("D, d M Y H:i:s"));
+-$smarty->assign ('username', $username);
++$smarty->assign ('username', set_post($username));
+ $smarty->assign ('personal_img', get_template_path('images/login-head.png'));
+ $smarty->assign ('password_img', get_template_path('images/password.png'));
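Review bot: The header of the new patch file (the `Author:` and `Description:` lines at its top) names neither the bug nor the origin of the change, although the commit message closes #753388 and the inner diff runs from revision 21273 to revision 21276 of gosa-core/html/index.php. Adding `Bug-Debian: https://bugs.debian.org/753388` and an `Origin:` line stating where revision 21276 comes from would let a later maintainer decide whether the patch can be dropped on the next import. On the change itself, `$smarty->assign ('username', set_post($username));` depends on set_post() performing the HTML-entity escaping that the Description promises, which cannot be confirmed from these lines. The Description should say so explicitly. It is also worth checking that the login template does not escape username a second time, which would double-encode names containing & or quotes.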
diff --git a/debian/patches/series b/debian/patches/series
index ae9907f..da3fbc7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,5 +1,6 @@
0001_smarty3.patch
0002_style-robustness.patch
+0003_xss-vulnerability-on-login-screen.patch
1001_fix-mass-ldapimport.patch
1002_trim-decrypt.patch
2001_fix-smarty-location.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/pkg-team/gosa.git