From 835bf1f39bc1d8fd346d0b42346ff261ed401e8e Mon Sep 17 00:00:00 2001 From: GeorgeClark Date: Tue, 11 Dec 2012 04:49:22 +0000 Subject: [PATCH] Item12285: Better fix Don't use references, they are not required. Sync up the Patch contrib to the newest version. git-svn-id: http://svn.foswiki.org/trunk/PatchItem12285Contrib@16189 0b4bb1d4-4e5a-0410-9cc4-b2b747904278 --- data/System/PatchItem12285Contrib.txt | 3 + lib/Foswiki/Contrib/PatchItem12285Contrib.pm | 4 +- working/configure/patch/Item12285-001.patch | 284 ++++++++++++++++--- 3 files changed, 248 insertions(+), 43 deletions(-) diff --git a/data/System/PatchItem12285Contrib.txt b/data/System/PatchItem12285Contrib.txt index 5f47edc..afb7f39 100644 --- a/data/System/PatchItem12285Contrib.txt +++ b/data/System/PatchItem12285Contrib.txt @@ -31,6 +31,8 @@ There is no "dependency order" established between patches. Patches are install Patches will be mapped from the default Foswiki filename to the directory location used on the target system. +Note: This extension was re-released with a slightly different patch. The previous fix works fine, but escaped more than was required. The new version will re-apply the patch regardless of whether or not the old version was applied. + ---++ Installation %$INSTALL_INSTRUCTIONS% @@ -43,6 +45,7 @@ Patches will be mapped from the default Foswiki filename to the directory locati | Dependencies: | %$DEPENDENCIES% | | Version: | %$VERSION% | | Change History: |   | +| 1.2 (10 Dec 2012) | Reissue with different fix. | | 1.1 (10 Dec 2012) | Minor changes | | 1.0 (10 Dec 2012) | Initial version | | Home: | http://foswiki.org/Extensions/%TOPIC% | diff --git a/lib/Foswiki/Contrib/PatchItem12285Contrib.pm b/lib/Foswiki/Contrib/PatchItem12285Contrib.pm index f6e4550..6efd090 100644 --- a/lib/Foswiki/Contrib/PatchItem12285Contrib.pm +++ b/lib/Foswiki/Contrib/PatchItem12285Contrib.pm 
@@ -19,7 +19,7 @@ use warnings; # *must* exist in this package. This should always be in the format # $Rev$ so that Foswiki can determine the checked-in status of the # extension. -our $VERSION = '1.1'; +our $VERSION = '1.2'; # $RELEASE is used in the "Find More Extensions" automation in configure. # It is a manually maintained string used to identify functionality steps. @@ -31,7 +31,7 @@ our $VERSION = '1.1'; # date - a date in 1 Jun 2009 format. Three letter English month names only. # Note: it's important that this string is exactly the same in the extension # topic - if you use %$RELEASE% with BuildContrib this is done automatically. -our $RELEASE = '1.1'; +our $RELEASE = '1.2'; our $SHORTDESCRIPTION = 'Patch a critical vulnerability in Locale::Maketext.'; diff --git a/working/configure/patch/Item12285-001.patch b/working/configure/patch/Item12285-001.patch index 4fe6b0f..4b58a88 100644 --- a/working/configure/patch/Item12285-001.patch +++ b/working/configure/patch/Item12285-001.patch @@ -7,10 +7,10 @@ Date: Mon Dec 10 00:49:20 2012 +0000 git-svn-id: http://svn.foswiki.org/trunk@16178 0b4bb1d4-4e5a-0410-9cc4-b2b747904278 -~~~PATCH 72c86f0c71519caf6d26efbe174739f6 lib/Foswiki/Macros/MAKETEXT.pm (Foswiki 1.1.0 - 1.1.2) ---- lib/Foswiki/Macros/MAKETEXT.pm.orig 2012-12-09 20:20:07.865197810 -0500 -+++ lib/Foswiki/Macros/MAKETEXT.pm 2012-12-09 23:50:00.655040822 -0500 -@@ -4,6 +4,15 @@ +~~~PATCH 72c86f0c71519caf6d26efbe174739f6 lib/Foswiki/Macros/MAKETEXT.pm (Foswiki 1.1.0 - Foswiki 1.1.2) +--- MAKETEXT.pm.orig 2012-12-09 20:20:07.865197810 -0500 ++++ MAKETEXT.pm 2012-12-10 16:58:03.651591792 -0500 +@@ -4,9 +4,18 @@ use strict; use warnings; 
@@ -18,15 +18,18 @@ Date: Mon Dec 10 00:49:20 2012 +0000 +my $escape = + ( $Foswiki::cfg{UserInterfaceInternationalisation} + && ( Locale::Maketext->VERSION() < 1.23 ) ); -+ -+my $max; -+my $min; -+my $param_error; + sub MAKETEXT { my ( $this, $params ) = @_; -@@ -18,11 +27,16 @@ ++ my $max; ++ my $min; ++ my $param_error; ++ + my $str = $params->{_DEFAULT} || $params->{string} || ""; + return "" unless $str; + +@@ -18,20 +27,24 @@ $str =~ s/~~\[/~[/g; $str =~ s/~~\]/~]/g; 
@@ -37,44 +40,153 @@ Date: Mon Dec 10 00:49:20 2012 +0000 # unescape parameters and calculate highest parameter number: - my $max = 0; - $str =~ s/~\[(\_(\d+))~\]/ $max = $2 if ($2 > $max); "[$1]"/ge; -- $str =~ ++ $str =~ s/~\[(\_(\d+))~\]/_validate($1, $2, $max, $min, $param_error)/ge; + $str =~ -s/~\[(\*,\_(\d+),[^,]+(,([^,]+))?)~\]/ $max = $2 if ($2 > $max); "[$1]"/ge; -+ $str =~ s/~\[(\_(\d+))~\]/_validate($1, $2)/ge; -+ $str =~ s/~\[(\*,\_(\d+),[^,]+(,([^,]+))?)~\]/ _validate($1, $2)/ge; ++s/~\[(\*,\_(\d+),[^,]+(,([^,]+))?)~\]/ _validate($1, $2, $max, $min, $param_error, $escape)/ge; + return $str if ($param_error); -+ -+ $str =~ s#\\#\\\\#g if $escape; # get the args to be interpolated. my $argsStr = $params->{args} || ""; -@@ -47,6 +61,22 @@ + + my @args = split( /\s*,\s*/, $argsStr ); + +- # fill omitted args with zeros ++ # fill omitted args with empty strings + while ( ( scalar @args ) < $max ) { +- push( @args, 0 ); ++ push( @args, '' ); + } + + # do the magic: +@@ -47,6 +60,35 @@ return $result; } +sub _validate { -+ $max = $_[1] if ( $_[1] > $max ); -+ $min = $_[1] if ( $_[1] < $min ); ++ ++ $_[2] = $_[1] if ( $_[1] > $_[2] ); # Record maximum param number ++ $_[3] = $_[1] if ( $_[1] < $_[3] ); # Record minimum param number ++ + if ( $_[1] > 100 ) { -+ $param_error = 1; ++ $_[4] = 1; # Set error flag + return -+"Excessive parameter number $max, MAKETEXT rejected."; ++"Excessive parameter number $_[2], MAKETEXT rejected."; + } + if ( $_[1] < 1 ) { -+ $param_error = 1; ++ $_[4] = 1; # Set error flag + return +"Invalid parameter \"$_[0]\", MAKETEXT rejected."; + } -+ return "[$_[0]]"; ++ ++ if ( $_[5] ) { ++ ++ # Escape any escapes. 
++ my $str = $_[0]; # copy to allow modification ++ $str =~ s#\\#\\\\#g; # escape any escapes ++ return "[$str]"; ++ } ++ else { ++ return ++ "[$_[0]]"; # Return the complete bracket parameter without escapes ++ } +} + 1; __END__ Foswiki - The Free and Open Source Wiki, http://foswiki.org/ -~~~PATCH 160f04fc478c5f9b81d2ef6c9e614074 lib/Foswiki/Macros/MAKETEXT.pm (Foswiki 1.1.3 - 1.1.6) +~~~PATCH e7d32c175961f232a523ebcc3b45310f lib/Foswiki/Macros/MAKETEXT.pm (Foswiki-1.1.0 - Foswiki-1.1.2 Patched) +--- MAKETEXT.pm 2012-12-10 11:18:32.932577919 -0500 ++++ MAKETEXT.pm 2012-12-10 16:58:03.651591792 -0500 +@@ -9,13 +9,13 @@ + ( $Foswiki::cfg{UserInterfaceInternationalisation} + && ( Locale::Maketext->VERSION() < 1.23 ) ); + +-my $max; +-my $min; +-my $param_error; +- + sub MAKETEXT { + my ( $this, $params ) = @_; + ++ my $max; ++ my $min; ++ my $param_error; ++ + my $str = $params->{_DEFAULT} || $params->{string} || ""; + return "" unless $str; + +@@ -32,20 +32,19 @@ + $param_error = 0; + + # unescape parameters and calculate highest parameter number: +- $str =~ s/~\[(\_(\d+))~\]/_validate($1, $2)/ge; +- $str =~ s/~\[(\*,\_(\d+),[^,]+(,([^,]+))?)~\]/ _validate($1, $2)/ge; ++ $str =~ s/~\[(\_(\d+))~\]/_validate($1, $2, $max, $min, $param_error)/ge; ++ $str =~ ++s/~\[(\*,\_(\d+),[^,]+(,([^,]+))?)~\]/ _validate($1, $2, $max, $min, $param_error, $escape)/ge; + return $str if ($param_error); + +- $str =~ s#\\#\\\\#g if $escape; +- + # get the args to be interpolated. 
+ my $argsStr = $params->{args} || ""; + + my @args = split( /\s*,\s*/, $argsStr ); + +- # fill omitted args with zeros ++ # fill omitted args with empty strings + while ( ( scalar @args ) < $max ) { +- push( @args, 0 ); ++ push( @args, '' ); + } + + # do the magic: +@@ -62,19 +61,32 @@ + } + + sub _validate { +- $max = $_[1] if ( $_[1] > $max ); +- $min = $_[1] if ( $_[1] < $min ); ++ ++ $_[2] = $_[1] if ( $_[1] > $_[2] ); # Record maximum param number ++ $_[3] = $_[1] if ( $_[1] < $_[3] ); # Record minimum param number ++ + if ( $_[1] > 100 ) { +- $param_error = 1; ++ $_[4] = 1; # Set error flag + return +-"Excessive parameter number $max, MAKETEXT rejected."; ++"Excessive parameter number $_[2], MAKETEXT rejected."; + } + if ( $_[1] < 1 ) { +- $param_error = 1; ++ $_[4] = 1; # Set error flag + return + "Invalid parameter \"$_[0]\", MAKETEXT rejected."; + } +- return "[$_[0]]"; ++ ++ if ( $_[5] ) { ++ ++ # Escape any escapes. ++ my $str = $_[0]; # copy to allow modification ++ $str =~ s#\\#\\\\#g; # escape any escapes ++ return "[$str]"; ++ } ++ else { ++ return ++ "[$_[0]]"; # Return the complete bracket parameter without escapes ++ } + } + + 1; + +~~~PATCH 160f04fc478c5f9b81d2ef6c9e614074 lib/Foswiki/Macros/MAKETEXT.pm (Foswiki 1.1.3 - Foswiki 1.1.6) --- lib/Foswiki/Macros/MAKETEXT.pm.orig 2012-12-09 20:23:52.457636561 -0500 -+++ lib/Foswiki/Macros/MAKETEXT.pm 2012-12-09 20:24:15.624372152 -0500 -@@ -4,6 +4,10 @@ ++++ lib/Foswiki/Macros/MAKETEXT.pm 2012-12-10 16:58:03.651591792 -0500 +@@ -4,9 +4,18 @@ use strict; use warnings; 
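Review bot: The new `_validate` hands its results back through `@_` aliasing (`$_[2] = $_[1]`, `$_[3] = $_[1]`, `$_[4] = 1`), which is valid Perl, but nothing at the call site `_validate($1, $2, $max, $min, $param_error, $escape)` signals that `$max`, `$min` and `$param_error` are out-parameters; a later caller passing a literal there would die with "Modification of a read-only value attempted", and passing a temporary would silently discard the update. A header comment on `_validate` would pin the contract, e.g. `# Args: (param_text, param_number, max, min, param_error, escape). Elements 2..4 alias the caller's variables and are updated in place; never pass constants.` The identical `_validate` in the @@ -101,38 +216,125 @@ hunk for the 1.1.3 - 1.1.6 variant needs the same comment. Replacing the whole-string `$str =~ s#\\#\\\\#g if $escape` with escaping only inside the validated `[*,...]` group is the security-relevant narrowing of this change, so a one-line comment in MAKETEXT stating that literal text outside bracket groups is intentionally left unescaped, and on what that relies, would let a future reader confirm the narrower scope remains sufficient when the Locale::Maketext version check is revisited. MAKETEXT's opening lines are in the preceding hunk.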
@@ -82,15 +194,18 @@ Date: Mon Dec 10 00:49:20 2012 +0000 +my $escape = + ( $Foswiki::cfg{UserInterfaceInternationalisation} + && ( Locale::Maketext->VERSION() < 1.23 ) ); -+ -+my $max; -+my $min; -+my $param_error; + sub MAKETEXT { my ( $this, $params ) = @_; -@@ -18,11 +22,16 @@ ++ my $max; ++ my $min; ++ my $param_error; ++ + my $str = $params->{_DEFAULT} || $params->{string} || ""; + return "" unless $str; + +@@ -18,11 +27,15 @@ $str =~ s/~~\[/~[/g; $str =~ s/~~\]/~]/g; 
@@ -101,38 +216,125 @@ Date: Mon Dec 10 00:49:20 2012 +0000 # unescape parameters and calculate highest parameter number: - my $max = 0; - $str =~ s/~\[(\_(\d+))~\]/ $max = $2 if ($2 > $max); "[$1]"/ge; -- $str =~ ++ $str =~ s/~\[(\_(\d+))~\]/_validate($1, $2, $max, $min, $param_error)/ge; + $str =~ -s/~\[(\*,\_(\d+),[^,]+(,([^,]+))?)~\]/ $max = $2 if ($2 > $max); "[$1]"/ge; -+ $str =~ s/~\[(\_(\d+))~\]/_validate($1, $2)/ge; -+ $str =~ s/~\[(\*,\_(\d+),[^,]+(,([^,]+))?)~\]/ _validate($1, $2)/ge; ++s/~\[(\*,\_(\d+),[^,]+(,([^,]+))?)~\]/ _validate($1, $2, $max, $min, $param_error, $escape)/ge; + return $str if ($param_error); -+ -+ $str =~ s#\\#\\\\#g if $escape; # get the args to be interpolated. my $argsStr = $params->{args} || ""; -@@ -47,6 +56,22 @@ +@@ -47,6 +60,35 @@ return $result; } +sub _validate { -+ $max = $_[1] if ( $_[1] > $max ); -+ $min = $_[1] if ( $_[1] < $min ); ++ ++ $_[2] = $_[1] if ( $_[1] > $_[2] ); # Record maximum param number ++ $_[3] = $_[1] if ( $_[1] < $_[3] ); # Record minimum param number ++ + if ( $_[1] > 100 ) { -+ $param_error = 1; ++ $_[4] = 1; # Set error flag + return -+"Excessive parameter number $max, MAKETEXT rejected."; ++"Excessive parameter number $_[2], MAKETEXT rejected."; + } + if ( $_[1] < 1 ) { -+ $param_error = 1; ++ $_[4] = 1; # Set error flag + return +"Invalid parameter \"$_[0]\", MAKETEXT rejected."; + } -+ return "[$_[0]]"; ++ ++ if ( $_[5] ) { ++ ++ # Escape any escapes. 
++ my $str = $_[0]; # copy to allow modification ++ $str =~ s#\\#\\\\#g; # escape any escapes ++ return "[$str]"; ++ } ++ else { ++ return ++ "[$_[0]]"; # Return the complete bracket parameter without escapes ++ } +} + 1; __END__ Foswiki - The Free and Open Source Wiki, http://foswiki.org/ +~~~PATCH 69d038b822d92083af189037aa254dab lib/Foswiki/Macros/MAKETEXT.pm (Foswiki-1.1.3 - Foswiki-1.1.6 Patched) +--- lib/Foswiki/Macros/MAKETEXT.pm 2012-12-10 00:04:59.830761183 -0500 ++++ lib/Foswiki/Macros/MAKETEXT.pm 2012-12-10 16:58:03.651591792 -0500 +@@ -9,13 +9,13 @@ + ( $Foswiki::cfg{UserInterfaceInternationalisation} + && ( Locale::Maketext->VERSION() < 1.23 ) ); + +-my $max; +-my $min; +-my $param_error; +- + sub MAKETEXT { + my ( $this, $params ) = @_; + ++ my $max; ++ my $min; ++ my $param_error; ++ + my $str = $params->{_DEFAULT} || $params->{string} || ""; + return "" unless $str; + +@@ -32,12 +32,11 @@ + $param_error = 0; + + # unescape parameters and calculate highest parameter number: +- $str =~ s/~\[(\_(\d+))~\]/_validate($1, $2)/ge; +- $str =~ s/~\[(\*,\_(\d+),[^,]+(,([^,]+))?)~\]/ _validate($1, $2)/ge; ++ $str =~ s/~\[(\_(\d+))~\]/_validate($1, $2, $max, $min, $param_error)/ge; ++ $str =~ ++s/~\[(\*,\_(\d+),[^,]+(,([^,]+))?)~\]/ _validate($1, $2, $max, $min, $param_error, $escape)/ge; + return $str if ($param_error); + +- $str =~ s#\\#\\\\#g if $escape; +- + # get the args to be interpolated. 
+ my $argsStr = $params->{args} || ""; + +@@ -62,19 +61,32 @@ + } + + sub _validate { +- $max = $_[1] if ( $_[1] > $max ); +- $min = $_[1] if ( $_[1] < $min ); ++ ++ $_[2] = $_[1] if ( $_[1] > $_[2] ); # Record maximum param number ++ $_[3] = $_[1] if ( $_[1] < $_[3] ); # Record minimum param number ++ + if ( $_[1] > 100 ) { +- $param_error = 1; ++ $_[4] = 1; # Set error flag + return +-"Excessive parameter number $max, MAKETEXT rejected."; ++"Excessive parameter number $_[2], MAKETEXT rejected."; + } + if ( $_[1] < 1 ) { +- $param_error = 1; ++ $_[4] = 1; # Set error flag + return + "Invalid parameter \"$_[0]\", MAKETEXT rejected."; + } +- return "[$_[0]]"; ++ ++ if ( $_[5] ) { ++ ++ # Escape any escapes. ++ my $str = $_[0]; # copy to allow modification ++ $str =~ s#\\#\\\\#g; # escape any escapes ++ return "[$str]"; ++ } ++ else { ++ return ++ "[$_[0]]"; # Return the complete bracket parameter without escapes ++ } + } + + 1;