Item11547: lets diff from 1.1.4 so the patch works

git-svn-id: http://svn.foswiki.org/branches/Release01x01@14050 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
foswiki · Feb 22, 2012 · 7de809c · 7de809c
1 parent e1b2d76
commit 7de809c
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 62 deletions.
diff --git a/core/tools/pkg/fosiki/debian/dirs b/core/tools/pkg/fosiki/debian/dirs
@@ -2,4 +2,5 @@ var/lib/foswiki
 var/log/foswiki
 etc/foswiki
 usr/share/doc/foswiki
-usr/share/foswiki
+usr/share/foswiki
+
diff --git a/core/tools/pkg/fosiki/debian/patches/CVE-2012-1004.dpatch b/core/tools/pkg/fosiki/debian/patches/CVE-2012-1004.dpatch
@@ -5,67 +5,10 @@
 ## DP: No description.
 
 @DPATCH@
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' fosiki~/un/Foswiki-1.1.3/lib/Foswiki/UI/Register.pm fosiki/un/Foswiki-1.1.3/lib/Foswiki/UI/Register.pm
---- fosiki~/un/Foswiki-1.1.3/lib/Foswiki/UI/Register.pm	2011-04-17 06:29:33.000000000 +1000
-+++ fosiki/un/Foswiki-1.1.3/lib/Foswiki/UI/Register.pm	2012-02-09 11:12:25.000000000 +1100
-@@ -875,6 +875,7 @@
-             $session->{user} =
-               $session->{users}->getCanonicalUserID(
-                 $Foswiki::cfg{Register}{RegistrationAgentWikiName} );
-+            $regoAgent = $session->{user};
-
-             # SECURITY ISSUE:
-             # When upgrading an existing Wiki, the RegistrationUser is
-@@ -895,17 +896,28 @@
-             }
-         }
-
-+        my @addedTo;
-+
-         if ( ($enableAddToGroup) and ( $data->{AddToGroups} ) ) {
-             foreach my $groupName ( split( /,/, $data->{AddToGroups} ) ) {
-                 $session->{user} = $regoAgent;
-                 try {
-                     $users->addUserToGroup( $cUID, $groupName );
-+                    push @addedTo, $groupName;
-+                    print STDERR "Fell through adding $groupName\n";
-+                }
-+                catch Error::Simple with {
-+                    my $e = shift;
-+                    $session->logger->log( 'warning',
-+                        "Registration: Failure adding $cUID to $groupName" );
-                 }
-                 finally {
-                     $session->{user} = $safe;
-                 };
-             }
-         }
-+
-+        $data->{AddToGroups} = join( ',', @addedTo );
-     }
-     catch Error::Simple with {
-         my $e = shift;
-@@ -1219,6 +1231,10 @@
-     foreach my $fd ( @{ $data->{form} } ) {
-         my $name  = $fd->{name};
-         my $value = $fd->{value};
-+
-+        # Override value - Group list might have changed
-+        $value = $data->{AddToGroups} if ( $name eq 'AddToGroups' );
-+
-         if ( ( $name eq 'Password' ) && ($hidePassword) ) {
-             $value = '*******';
-         }
-@@ -1530,7 +1546,7 @@
-     # get all parameters from the form
-     my $data = {};
-     foreach my $key ( $query->param() ) {
--        if ( $key =~ /^(Twk([0-9])(.*))/
-+        if ( $key =~ /^((?:Twk|Fwk)([0-9])(.*))/
-             and ( defined( $query->param($key) ) ) )
-         {
-             my @values   = $query->param($key);
-@@ -1547,6 +1563,10 @@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' foswiki-1.1.4~/lib/Foswiki/UI/Register.pm foswiki-1.1.4/lib/Foswiki/UI/Register.pm
+--- foswiki-1.1.4~/lib/Foswiki/UI/Register.pm	2011-12-21 02:33:22.000000000 +1100
++++ foswiki-1.1.4/lib/Foswiki/UI/Register.pm	2012-02-09 11:12:25.000000000 +1100
+@@ -1563,6 +1563,10 @@
              # It is the responsibility of the implementation code to untaint
              # these data before they are used in dangerous ways.
              # DO NOT UNTAINT THESE DATA HERE!