[debian-edu-commits] debian-edu/pkg-team/ 02/04: debian/patches: Update 0003_xss-vulnerability-on-login-screen.patch. Fix a second place where $username should be sanitized by set_post() function.
Mike Gabriel
sunweaver at debian.org
Mon Oct 19 12:15:34 UTC 2015
This is an automated email from the git hooks/post-receive script.
sunweaver pushed a commit to branch master
in repository gosa.
commit b0baadae0db3ddef0da281a5a31e1e808a2efc9d
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Mon Oct 19 13:05:10 2015 +0200
debian/patches: Update 0003_xss-vulnerability-on-login-screen.patch. Fix a second place where $username should be sanitized by set_post() function.
---
.../0003_xss-vulnerability-on-login-screen.patch | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/debian/patches/0003_xss-vulnerability-on-login-screen.patch b/debian/patches/0003_xss-vulnerability-on-login-screen.patch
index 865c74e..af5cd6b 100644
--- a/debian/patches/0003_xss-vulnerability-on-login-screen.patch
+++ b/debian/patches/0003_xss-vulnerability-on-login-screen.patch
@@ -1,14 +1,23 @@
Description: Escape html entities to fix xss at the login screen
Author: Benjamin Zapiec
-Index: gosa-core/html/index.php
-===================================================================
---- a/gosa-core/html/index.php (revision 21273)
-+++ b/gosa-core/html/index.php (revision 21276)
-@@ -389,5 +389,5 @@
+--- a/gosa-core/html/index.php
++++ b/gosa-core/html/index.php
+@@ -56,7 +56,7 @@
+ $smarty->assign ("title","GOsa");
+ $smarty->assign("logo", image(get_template_path("images/logo.png")));
+ $smarty->assign('date', gmdate("D, d M Y H:i:s"));
+- $smarty->assign('username', $username);
++ $smarty->assign('username', set_post($username));
+ $smarty->assign('personal_img', get_template_path('images/login-head.png'));
+ $smarty->assign('password_img', get_template_path('images/password.png'));
+ $smarty->assign('directory_img', get_template_path('images/ldapserver.png'));
+@@ -388,7 +388,7 @@
+
/* Fill template with required values */
$smarty->assign ('date', gmdate("D, d M Y H:i:s"));
-$smarty->assign ('username', $username);
+$smarty->assign ('username', set_post($username));
$smarty->assign ('personal_img', get_template_path('images/login-head.png'));
$smarty->assign ('password_img', get_template_path('images/password.png'));
+ $smarty->assign ('directory_img', get_template_path('images/ldapserver.png'));
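Review bot: Escaping `$username` separately at each `$smarty->assign` call is easy to miss, and this update exists because the original patch covered the call near line 388 of gosa-core/html/index.php but not the one near line 56. Neither `set_post()` nor the login template is visible in this hunk, so confirm that `set_post()` encodes quotes as well as angle brackets in case the template places the value inside an attribute, and check whether any other assign on this page passes request input through unescaped. Escaping at output in the template, for example `{$username|escape}`, would cover every call site at once, but it must replace the `set_post()` calls rather than be added to them, otherwise the value is encoded twice. The rewritten patch header also drops the upstream revision reference (21273 to 21276) while `Author:` now covers a hunk that may not come from that revision, so a DEP-3 `Origin:` line would keep the provenance clear.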
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/pkg-team/gosa.git