author | Aaron Walker <ka0ttic@gentoo.org> | 2005-05-30 05:18:55 +0000 |
---|---|---|
committer | Aaron Walker <ka0ttic@gentoo.org> | 2005-05-30 05:18:55 +0000 |
commit | 2f74980de3051f3cd3d81e0ad90533cad43ce40d (patch) | |
tree | 11e729170ddaa157151eb86fc3e74b66c399938e /www-apps/phprojekt/files | |
parent | Adding esekeyd, thanks to kandian for the tip (diff) | |
Version bump; added patch to fix chat script insertion vuln for sec bug 89950.
Package-Manager: portage-2.0.51.22-r1
Diffstat (limited to 'www-apps/phprojekt/files')
-rw-r--r-- | www-apps/phprojekt/files/digest-phprojekt-4.2.3 | 3 | ||||
-rw-r--r-- | www-apps/phprojekt/files/phprojekt-4.2.3-fix-chat-vuln.diff | 18 |
2 files changed, 21 insertions, 0 deletions
diff --git a/www-apps/phprojekt/files/digest-phprojekt-4.2.3 b/www-apps/phprojekt/files/digest-phprojekt-4.2.3
new file mode 100644
index 000000000000..aa1657f00e29
--- /dev/null
+++ b/www-apps/phprojekt/files/digest-phprojekt-4.2.3
@@ -0,0 +1,3 @@
+MD5 364263b1b0a513dba5df4215e6f2e1f0 phprojekt-4.2.3.tar.gz 1026462
+MD5 4d8ca59d86c32650c34e06691b335841 setup.zip 2830
+MD5 25d69434fb367f39db402c33df6cebd4 lib.zip 2149
diff --git a/www-apps/phprojekt/files/phprojekt-4.2.3-fix-chat-vuln.diff b/www-apps/phprojekt/files/phprojekt-4.2.3-fix-chat-vuln.diff
new file mode 100644
index 000000000000..3bf63a08573d
--- /dev/null
+++ b/www-apps/phprojekt/files/phprojekt-4.2.3-fix-chat-vuln.diff
@@ -0,0 +1,18 @@
+diff --exclude='*~' --exclude='.*' -I '$Id:' -urN phprojekt-4.2.3.orig/chat/chat.php phprojekt-4.2.3/chat/chat.php
+--- phprojekt-4.2.3.orig/chat/chat.php 2005-05-29 16:35:28.000000000 -0400
++++ phprojekt-4.2.3/chat/chat.php 2005-05-29 16:37:16.000000000 -0400
+@@ -37,6 +37,7 @@
+ function writetext () {
+ global $chatfile, $user_name, $user_firstname, $content, $max_lines, $chat_time, $chat_names, $chat_direction;
+ // small irc hack - replace /me with the username
++ $content = htmlentities(strip_tags($content));
+ $content = ereg_replace('/me',$user_firstname,$content);
+
+ // add time to new line
+@@ -211,4 +212,4 @@
+ elseif ($mode == "alive") { alive(); }
+ elseif ($mode == 'check') { check(); }
+
+-?>
+\ No newline at end of file
++?>
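Review bot: The escaping added to `writetext()` runs before the `/me` substitution on the following line, so whatever is in `$user_firstname` is spliced into `$content` after sanitisation and reaches the chat output unescaped; if that profile field can hold markup (its origin is not visible in this hunk), the script-insertion problem remains for it. Doing the replacement first and escaping the result closes that, e.g. `$content = htmlentities(strip_tags(ereg_replace('/me', $user_firstname, $content)));`, and the same treatment is presumably needed for `$user_name` and any other global written further down, since the function body continues outside the hunk. `htmlentities()` is also called with its default flags, which leave single quotes alone; passing `ENT_QUOTES` is safer if the text can ever end up inside an attribute. The existing comment about the `/me` hack now sits above the sanitising line and should move down one line so it still describes the statement it precedes.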