-rw-r--r-- | php-sabredav-Sabre_DAV.spec | 11 | ||||
-rw-r--r-- | sabreDav_BrowserPluginFix.patch | 23 |
2 files changed, 7 insertions, 27 deletions
diff --git a/php-sabredav-Sabre_DAV.spec b/php-sabredav-Sabre_DAV.spec
index ff85b44..e3be00f 100644
--- a/php-sabredav-Sabre_DAV.spec
+++ b/php-sabredav-Sabre_DAV.spec
@@ -1,12 +1,12 @@ %{!?__pear: %{expand: %%global __pear %{_bindir}/pear}} %global pear_name Sabre_DAV %global channelname pear.sabredav.org -%global mainver 1.8.6 -%global reldate 2013-06-18 +%global mainver 1.8.7 +%global reldate 2013-10-02 Name: php-sabredav-Sabre_DAV -Version: 1.8.6 -Release: 2%{?dist} +Version: 1.8.7 +Release: 1%{?dist} Summary: Sabre_DAV is a WebDAV framework for PHP Group: Development/Libraries
@@ -105,6 +105,9 @@ fi %changelog +* Sat Oct 5 2013 Remi Collet <RPMS@FamilleCollet.com> 1.8.7-1 +- update to 1.8.7 + * Thu Sep 12 2013 Remi Collet <RPMS@FamilleCollet.com> 1.8.6-2 - fix roles
diff --git a/sabreDav_BrowserPluginFix.patch b/sabreDav_BrowserPluginFix.patch
deleted file mode 100644
index 449283f..0000000
--- a/sabreDav_BrowserPluginFix.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- Sabre_DAV-1.6.5/Sabre/DAV/Browser/Plugin.php 2012-10-04 08:02:37.000000000 -0400
-+++ SabreDAV/lib/Sabre/DAV/Browser/Plugin.php 2013-04-11 14:29:08.000000000 -0400
-@@ -439,14 +439,14 @@
- */
- protected function getLocalAssetPath($assetName) {
-
-+ $assetDir = __DIR__ . '/assets/';
-+ $path = $assetDir . $assetName;
-+
- // Making sure people aren't trying to escape from the base path.
-- $assetSplit = explode('/', $assetName);
-- if (in_array('..',$assetSplit)) {
-- throw new Sabre_DAV_Exception('Incorrect asset path');
-+ if (strpos(realpath($path), realpath($assetDir)) === 0) {
-+ return $path;
- }
-- $path = __DIR__ . '/assets/' . $assetName;
-- return $path;
---
-+ throw new Sabre_DAV_Exception_Forbidden('Path does not exist, or escaping from the base path was detected');
- }
-
- /**
|
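Review bot: Deleting sabreDav_BrowserPluginFix.patch drops the downstream base-path escape check in `getLocalAssetPath()`, and nothing in the commit records that 1.8.7 carries an equivalent check upstream. The changelog hunk says only `- update to 1.8.7`; if the 1.8.7 tarball was verified to contain the check, a line such as `- drop sabreDav_BrowserPluginFix.patch, asset path check is in upstream 1.8.7` would make that auditable. The two spec hunks shown remove no `Patch`/`%patch` line, so either the patch was already unapplied before this commit or the spec still references the deleted file. The rest of the spec is outside this page, so that needs confirming before the build is trusted.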