Here is the patch for jessie.

-- 
Mathieu
From e296b805cc1def193d3e9efa6891e031f18cb1de Mon Sep 17 00:00:00 2001
From: Mathieu Parent <math.par...@gmail.com>
Date: Thu, 4 Feb 2016 14:03:33 +0100
Subject: [PATCH] Escape form value, fix XSS in Horde_Core_VarRenderer_Html
 (Closes: #813590)

---
 debian/changelog                            |  6 ++++++
 debian/patches/0001-Escape-form-value.patch | 25 +++++++++++++++++++++++++
 debian/patches/series                       |  1 +
 3 files changed, 32 insertions(+)
 create mode 100644 debian/patches/0001-Escape-form-value.patch
 create mode 100644 debian/patches/series

diff --git a/debian/changelog b/debian/changelog
index 3a76ef5..950c5c6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+php-horde-core (2.15.0+debian0-2) unstable; urgency=medium
+
+  * Escape form value, fix XSS in Horde_Core_VarRenderer_Html (Closes: #813590)
+
+ -- Mathieu Parent <sath...@debian.org>  Thu, 04 Feb 2016 14:03:38 +0100
+
 php-horde-core (2.15.0+debian0-1) unstable; urgency=medium
 
   * New upstream version 2.15.0+debian0
diff --git a/debian/patches/0001-Escape-form-value.patch b/debian/patches/0001-Escape-form-value.patch
new file mode 100644
index 0000000..1907b08
--- /dev/null
+++ b/debian/patches/0001-Escape-form-value.patch
@@ -0,0 +1,25 @@
+From: Michael J Rubinsky <mrubi...@horde.org>
+Date: Mon, 14 Dec 2015 09:27:09 -0500
+Subject: Escape form value.
+
+Even though this is a numeric field, this isn't enforced until
+the form is submitted.
+
+(Adapted from upstream 11d74fa5a22fe626c5e5a010b703cd46a136f253)
+
+diff --git a/Horde_Core-2.15.0/lib/Horde/Core/Ui/VarRenderer/Html.php b/Horde_Core-2.15.0/lib/Horde/Core/Ui/VarRenderer/Html.php
+index 62ae559..580dc27 100644
+--- a/Horde_Core-2.15.0/lib/Horde/Core/Ui/VarRenderer/Html.php
++++ b/Horde_Core-2.15.0/lib/Horde/Core/Ui/VarRenderer/Html.php
+@@ -48,7 +48,7 @@ class Horde_Core_Ui_VarRenderer_Html extends Horde_Core_Ui_VarRenderer
+         return sprintf('<input type="text" size="5" name="%s" id="%s" value="%s"%s />',
+                        htmlspecialchars($var->getVarName()),
+                        $this->_genID($var->getVarName(), false),
+-                       $value,
++                       htmlspecialchars($value),
+                        $this->_getActionScripts($form, $var)
+                );
+     }
+-- 
+2.7.0
+
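Review bot: `htmlspecialchars($value)` on the added line relies on the default flags, which in the PHP 5.x of jessie are `ENT_COMPAT | ENT_HTML401`: double quotes are escaped but single quotes are not, so the fix is only adequate because the `value` attribute in the `sprintf` format is double-quoted. Passing the flags explicitly, `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`, keeps the escape correct if the attribute quoting ever changes and makes the intended context visible to the next reader; the sibling `htmlspecialchars($var->getVarName())` call in the same hunk has the same implicit default. The enclosing method starts before the hunk (only its `return sprintf(...)` is visible), so where `$value` comes from is not shown here; the nested commit message says the numeric type is only enforced on submission, which is why the raw value must be treated as untrusted. The patch header could also carry DEP-3 `Origin:` and `Bug-Debian:` fields so the upstream commit `11d74fa5a22fe626c5e5a010b703cd46a136f253` and bug `#813590` already named in the text are machine-readable.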
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..3a37ec8
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+0001-Escape-form-value.patch
-- 
2.7.0
