Date: Sunday, May 7, 2017 @ 13:45:43
Author: arodseth
Revision: 227256
archrelease: copy trunk to community-any
Added:
wordpress/repos/community-any/PKGBUILD
(from rev 227255, wordpress/trunk/PKGBUILD)
wordpress/repos/community-any/password_reset_exploit.patch
(from rev 227255, wordpress/trunk/password_reset_exploit.patch)
wordpress/repos/community-any/wordpress.install
(from rev 227255, wordpress/trunk/wordpress.install)
Deleted:
wordpress/repos/community-any/PKGBUILD
wordpress/repos/community-any/wordpress.install
--+
PKGBUILD | 66 ++---
password_reset_exploit.patch | 33
wordpress.install| 42 +-
3 files changed, 90 insertions(+), 51 deletions(-)
Deleted: PKGBUILD
===
--- PKGBUILD2017-05-07 13:45:33 UTC (rev 227255)
+++ PKGBUILD2017-05-07 13:45:43 UTC (rev 227256)
@@ -1,30 +0,0 @@
-# $Id$
-# Maintainer: Alexander F Rødseth
-# Contributor: Thomas Dziedzic
-# Contributor: Jose Valecillos
-# Contributor: Kaos
-# Contributor: Christopher Rogers
-
-pkgname=wordpress
-pkgver=4.7.4
-pkgrel=1
-pkgdesc='Blog tool and publishing platform'
-arch=('any')
-url='https://wordpress.org/'
-license=('GPL')
-depends=('php')
-optdepends=('apache: Web server to run wordpress'
-'nginx: Web server to run wordpress'
-'cherokee: Lightweight Web server to run wordpress'
-'mysql: Database server')
-options=('emptydirs')
-install="$pkgname.install"
-source=("https://wordpress.org/$pkgname-$pkgver.tar.gz";)
-sha256sums=('c11ce7580f21dfbca70dd6f817d3376385be6d34cf4d86f233eae3acb5fd87fd')
-
-package() {
- install -d "$pkgdir/usr/share/webapps"
- cp -r wordpress "$pkgdir/usr/share/webapps"
-}
-
-# vim:set ts=2 sw=2 et:
Copied: wordpress/repos/community-any/PKGBUILD (from rev 227255,
wordpress/trunk/PKGBUILD)
===
--- PKGBUILD(rev 0)
+++ PKGBUILD2017-05-07 13:45:43 UTC (rev 227256)
@@ -0,0 +1,36 @@
+# $Id$
+# Maintainer: Alexander F Rødseth
+# Contributor: Thomas Dziedzic
+# Contributor: Jose Valecillos
+# Contributor: Kaos
+# Contributor: Christopher Rogers
+
+pkgname=wordpress
+pkgver=4.7.4
+pkgrel=2
+pkgdesc='Blog tool and publishing platform'
+arch=('any')
+url='https://wordpress.org/'
+license=('GPL')
+depends=('php')
+optdepends=('apache: Web server to run wordpress'
+'nginx: Web server to run wordpress'
+'cherokee: Lightweight Web server to run wordpress'
+'mysql: Database server')
+options=('emptydirs')
+install="$pkgname.install"
+source=("https://wordpress.org/$pkgname-$pkgver.tar.gz";
'password_reset_exploit.patch')
+sha256sums=('c11ce7580f21dfbca70dd6f817d3376385be6d34cf4d86f233eae3acb5fd87fd'
+'68244b5bd534b21c88dc25074bf1fbc7a26d601cee69d78a467b1287f9eb2eed')
+
+prepare() {
+ cd "$pkgname"
+ patch -p1 -i "$srcdir/password_reset_exploit.patch"
+}
+
+package() {
+ install -d "$pkgdir/usr/share/webapps"
+ cp -r "$pkgname" "$pkgdir/usr/share/webapps"
+}
+
+# vim:set ts=2 sw=2 et:
Copied: wordpress/repos/community-any/password_reset_exploit.patch (from rev
227255, wordpress/trunk/password_reset_exploit.patch)
===
--- password_reset_exploit.patch(rev 0)
+++ password_reset_exploit.patch2017-05-07 13:45:43 UTC (rev 227256)
@@ -0,0 +1,33 @@
+--- a/wp-includes/pluggable.php2017-05-07 15:19:40.838218673 +0200
b/wp-includes/pluggable.php2017-05-07 15:25:35.661548515 +0200
+@@ -321,15 +321,21 @@
+* https://core.trac.wordpress.org/ticket/5007.
+*/
+
+- if ( !isset( $from_email ) ) {
+- // Get the site domain and get rid of www.
+- $sitename = strtolower( $_SERVER['SERVER_NAME'] );
+- if ( substr( $sitename, 0, 4 ) == 'www.' ) {
+- $sitename = substr( $sitename, 4 );
+- }
+-
+- $from_email = 'wordpress@' . $sitename;
+- }
++// Thanks simlevesque @ https://news.ycombinator.com/item?id=14265092
++if ( !isset( $from_email ) ) {
++// Get the site domain and get rid of www.
++$sitename = strtolower( WP_HOME );
++if ( substr( $sitename, 0, 7 ) == 'http://' ) {
++$sitename = substr( $sitename, 7 );
++}
++if ( substr( $sitename, 0, 8 ) == 'https://' ) {
++$sitename = substr( $sitename, 8 );
++}
++if ( substr( $sitename, 0, 4 ) == 'www.' ) {
++$sitename = substr( $sitename, 4 );
++}
++$from_email = 'wordpress@' . $sitename;
++}
+
+ /**
+* Filters the email address to send from.
Deleted: wordpress.install
==