summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--www-apps/mantisbt/ChangeLog10
-rw-r--r--www-apps/mantisbt/files/mantisbt-1.1.4-r5687:5688.patch (renamed from www-apps/mantisbt/files/mantis-1.1.4-r5702.patch)101
-rw-r--r--www-apps/mantisbt/mantisbt-1.1.4-r2.ebuild (renamed from www-apps/mantisbt/mantisbt-1.1.4-r1.ebuild)4
3 files changed, 93 insertions, 22 deletions
diff --git a/www-apps/mantisbt/ChangeLog b/www-apps/mantisbt/ChangeLog
index 413b9edcfc48..f2158588fbe7 100644
--- a/www-apps/mantisbt/ChangeLog
+++ b/www-apps/mantisbt/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for www-apps/mantisbt
# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/mantisbt/ChangeLog,v 1.71 2008/10/20 20:06:01 pva Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/mantisbt/ChangeLog,v 1.72 2008/10/24 08:56:15 pva Exp $
+
+*mantisbt-1.1.4-r2 (24 Oct 2008)
+
+ 24 Oct 2008; Peter Volkov <pva@gentoo.org>
+ +files/mantisbt-1.1.4-r5687:5688.patch, -files/mantis-1.1.4-r5702.patch,
+ -mantisbt-1.1.4-r1.ebuild, +mantisbt-1.1.4-r2.ebuild:
+ Further fixes from upstream, reset password should work now, bug #243360,
+ thank Marek Królikowski for report.
*mantisbt-1.1.4-r1 (20 Oct 2008)
diff --git a/www-apps/mantisbt/files/mantis-1.1.4-r5702.patch b/www-apps/mantisbt/files/mantisbt-1.1.4-r5687:5688.patch
index 8dd544a57cc6..eed4dad1a5e4 100644
--- a/www-apps/mantisbt/files/mantis-1.1.4-r5702.patch
+++ b/www-apps/mantisbt/files/mantisbt-1.1.4-r5687:5688.patch
@@ -1,9 +1,14 @@
Index: lang/strings_english.txt
===================================================================
--- lang/strings_english.txt (revision 5688)
-+++ lang/strings_english.txt (working copy)
-@@ -301,6 +301,7 @@
- $MANTIS_ERROR[ERROR_SESSION_VAR_NOT_FOUND] = 'Session variable \'%s\' not found.';
++++ lang/strings_english.txt (revision 5719)
+@@ -298,9 +298,11 @@
+ $MANTIS_ERROR[ERROR_TAG_ALREADY_ATTACHED] = 'That tag already attached to that bug.';
+ $MANTIS_ERROR[ERROR_TOKEN_NOT_FOUND] = 'Token could not be found.';
+ $MANTIS_ERROR[ERROR_SESSION_HANDLER_INVALID] = 'Invalid session handler.';
+-$MANTIS_ERROR[ERROR_SESSION_VAR_NOT_FOUND] = 'Session variable \'%s\' not found.';
++$MANTIS_ERROR[ERROR_SESSION_VAR_NOT_FOUND] = 'Session variable "%s" not found.';
++$MANTIS_ERROR[ERROR_SESSION_NOT_VALID] = 'Your session has become invalidated.';
$MANTIS_ERROR[ERROR_FORM_TOKEN_INVALID] = 'Invalid form security token. Did you submit the form twice by accident?';
$MANTIS_ERROR[ERROR_INVALID_REQUEST_METHOD] = 'This page cannot be accessed using this method.';
+$MANTIS_ERROR[ERROR_INVALID_SORT_FIELD] = 'Invalid sort field.';
@@ -13,7 +18,7 @@ Index: lang/strings_english.txt
Index: account_page.php
===================================================================
--- account_page.php (revision 5688)
-+++ account_page.php (working copy)
++++ account_page.php (revision 5719)
@@ -94,6 +94,9 @@
<div align="center">
<form method="post" action="account_update.php">
@@ -27,7 +32,7 @@ Index: account_page.php
Index: core/utility_api.php
===================================================================
--- core/utility_api.php (revision 5688)
-+++ core/utility_api.php (working copy)
++++ core/utility_api.php (revision 5719)
@@ -192,10 +192,20 @@
$t_factor = 1;
}
@@ -54,7 +59,7 @@ Index: core/utility_api.php
Index: core/session_api.php
===================================================================
--- core/session_api.php (revision 5688)
-+++ core/session_api.php (working copy)
++++ core/session_api.php (revision 5719)
@@ -48,7 +48,7 @@
* to PHP's session.* settings in 'php.ini'.
*/
@@ -76,9 +81,11 @@ Index: core/session_api.php
session_start();
$this->id = session_id();
}
-@@ -103,12 +108,12 @@
+@@ -102,13 +107,14 @@
+
/**
* Initialize the appropriate session handler.
++ * @param string Session ID
*/
-function session_init() {
+function session_init( $p_session_id=null ) {
@@ -91,7 +98,50 @@ Index: core/session_api.php
break;
case 'adodb':
-@@ -190,4 +195,11 @@
+@@ -119,9 +125,42 @@
+ trigger_error( ERROR_SESSION_HANDLER_INVALID, ERROR );
+ break;
+ }
++
++ session_validate( $g_session );
+ }
+
+ /**
++ * Validate the legitimacy of a session.
++ * Checks may include last-known IP address, or more.
++ * Triggers an error when the session is invalid.
++ * @param object Session object
++ */
++function session_validate( $p_session ) {
++ $t_user_ip = '';
++ if ( isset( $_SERVER['REMOTE_ADDR'] ) ) {
++ $t_user_ip = trim( $_SERVER['REMOTE_ADDR'] );
++ }
++
++ if ( is_null( $t_last_ip = $p_session->get( 'last_ip', null ) ) ) {
++ # First session usage
++ $p_session->set( 'last_ip', $t_user_ip );
++
++ } else {
++ # Check a continued session request
++ if ( $t_user_ip != $t_last_ip ) {
++ session_clean();
++
++ trigger_error( ERROR_SESSION_NOT_VALID, WARNING );
++
++ $t_url = config_get_global( 'path' ) . config_get_global( 'default_home_page' );
++ echo "\t<meta http-equiv=\"Refresh\" content=\"4;URL=$t_url\" />\n";
++
++ die();
++ }
++ }
++}
++
++/**
+ * Get arbitrary data from the session.
+ * @param string Session variable name
+ * @param mixed Default value
+@@ -190,4 +229,11 @@
##### Initialize the session
@@ -107,7 +157,7 @@ Index: core/session_api.php
Index: core/constant_inc.php
===================================================================
--- core/constant_inc.php (revision 5688)
-+++ core/constant_inc.php (working copy)
++++ core/constant_inc.php (revision 5719)
@@ -195,6 +195,7 @@
define( 'ERROR_HANDLER_ACCESS_TOO_LOW', 17 );
define( 'ERROR_PAGE_REDIRECTION', 18 );
@@ -116,22 +166,35 @@ Index: core/constant_inc.php
# ERROR_CONFIG_*
define( 'ERROR_CONFIG_OPT_NOT_FOUND', 100 );
+@@ -326,6 +327,7 @@
+ # ERROR_SESSION_*
+ define ( 'ERROR_SESSION_HANDLER_INVALID', 2700);
+ define ( 'ERROR_SESSION_VAR_NOT_FOUND', 2701);
++ define ( 'ERROR_SESSION_NOT_VALID', 2702);
+
+ # ERROR_FORM_*
+ define ( 'ERROR_FORM_TOKEN_INVALID', 2800 );
+@@ -422,4 +424,3 @@
+ define( 'SPONSORSHIP_REQUESTED', 1 );
+ define( 'SPONSORSHIP_PAID', 2 );
+
+-?>
Index: verify.php
===================================================================
--- verify.php (revision 5688)
-+++ verify.php (working copy)
-@@ -42,6 +42,11 @@
++++ verify.php (revision 5719)
+@@ -40,6 +40,11 @@
+ # force logout on the current user if already authenticated
+ if( auth_is_user_authenticated() ) {
auth_logout();
++
++ # (Re)initialize session
++ session_regenerate_id();
++ session_init();
++ $g_session_pass_id = ON;
}
-+ # (Re)initialize session
-+ session_regenerate_id()
-+ session_init( session_id() );
-+ $g_session_pass_id = ON;
-+
$t_calculated_confirm_hash = auth_generate_confirm_hash( $f_user_id );
-
- if ( $f_confirm_hash != $t_calculated_confirm_hash ) {
@@ -49,7 +54,6 @@
}
@@ -149,7 +212,7 @@ Index: verify.php
Index: core.php
===================================================================
--- core.php (revision 5688)
-+++ core.php (working copy)
++++ core.php (revision 5719)
@@ -145,7 +145,7 @@
require_once( $t_core_path.'database_api.php' );
diff --git a/www-apps/mantisbt/mantisbt-1.1.4-r1.ebuild b/www-apps/mantisbt/mantisbt-1.1.4-r2.ebuild
index fcc9a32c00b3..7b43f8a29eea 100644
--- a/www-apps/mantisbt/mantisbt-1.1.4-r1.ebuild
+++ b/www-apps/mantisbt/mantisbt-1.1.4-r2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/mantisbt/mantisbt-1.1.4-r1.ebuild,v 1.1 2008/10/20 20:06:01 pva Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/mantisbt/mantisbt-1.1.4-r2.ebuild,v 1.1 2008/10/24 08:56:15 pva Exp $
inherit eutils webapp depend.php
@@ -31,7 +31,7 @@ src_unpack() {
unpack ${A}
cd "${S}"
rm -r "${S}/core/adodb/" # We use external adodb
- epatch "${FILESDIR}/mantis-1.1.4-r5702.patch"
+ epatch "${FILESDIR}/${P}-r5687:5688.patch"
}
src_install() {