head	1.4;
access;
symbols
	pkgsrc-2026Q1:1.4.0.46
	pkgsrc-2026Q1-base:1.4
	pkgsrc-2025Q4:1.4.0.44
	pkgsrc-2025Q4-base:1.4
	pkgsrc-2025Q3:1.4.0.42
	pkgsrc-2025Q3-base:1.4
	pkgsrc-2025Q2:1.4.0.40
	pkgsrc-2025Q2-base:1.4
	pkgsrc-2025Q1:1.4.0.38
	pkgsrc-2025Q1-base:1.4
	pkgsrc-2024Q4:1.4.0.36
	pkgsrc-2024Q4-base:1.4
	pkgsrc-2024Q3:1.4.0.34
	pkgsrc-2024Q3-base:1.4
	pkgsrc-2024Q2:1.4.0.32
	pkgsrc-2024Q2-base:1.4
	pkgsrc-2024Q1:1.4.0.30
	pkgsrc-2024Q1-base:1.4
	pkgsrc-2023Q4:1.4.0.28
	pkgsrc-2023Q4-base:1.4
	pkgsrc-2023Q3:1.4.0.26
	pkgsrc-2023Q3-base:1.4
	pkgsrc-2023Q2:1.4.0.24
	pkgsrc-2023Q2-base:1.4
	pkgsrc-2023Q1:1.4.0.22
	pkgsrc-2023Q1-base:1.4
	pkgsrc-2022Q4:1.4.0.20
	pkgsrc-2022Q4-base:1.4
	pkgsrc-2022Q3:1.4.0.18
	pkgsrc-2022Q3-base:1.4
	pkgsrc-2022Q2:1.4.0.16
	pkgsrc-2022Q2-base:1.4
	pkgsrc-2022Q1:1.4.0.14
	pkgsrc-2022Q1-base:1.4
	pkgsrc-2021Q4:1.4.0.12
	pkgsrc-2021Q4-base:1.4
	pkgsrc-2021Q3:1.4.0.10
	pkgsrc-2021Q3-base:1.4
	pkgsrc-2021Q2:1.4.0.8
	pkgsrc-2021Q2-base:1.4
	pkgsrc-2021Q1:1.4.0.6
	pkgsrc-2021Q1-base:1.4
	pkgsrc-2020Q4:1.4.0.4
	pkgsrc-2020Q4-base:1.4
	pkgsrc-2020Q3:1.4.0.2
	pkgsrc-2020Q3-base:1.4
	pkgsrc-2020Q2:1.3.0.60
	pkgsrc-2020Q2-base:1.3
	pkgsrc-2020Q1:1.3.0.40
	pkgsrc-2020Q1-base:1.3
	pkgsrc-2019Q4:1.3.0.62
	pkgsrc-2019Q4-base:1.3
	pkgsrc-2019Q3:1.3.0.58
	pkgsrc-2019Q3-base:1.3
	pkgsrc-2019Q2:1.3.0.56
	pkgsrc-2019Q2-base:1.3
	pkgsrc-2019Q1:1.3.0.54
	pkgsrc-2019Q1-base:1.3
	pkgsrc-2018Q4:1.3.0.52
	pkgsrc-2018Q4-base:1.3
	pkgsrc-2018Q3:1.3.0.50
	pkgsrc-2018Q3-base:1.3
	pkgsrc-2018Q2:1.3.0.48
	pkgsrc-2018Q2-base:1.3
	pkgsrc-2018Q1:1.3.0.46
	pkgsrc-2018Q1-base:1.3
	pkgsrc-2017Q4:1.3.0.44
	pkgsrc-2017Q4-base:1.3
	pkgsrc-2017Q3:1.3.0.42
	pkgsrc-2017Q3-base:1.3
	pkgsrc-2017Q2:1.3.0.38
	pkgsrc-2017Q2-base:1.3
	pkgsrc-2017Q1:1.3.0.36
	pkgsrc-2017Q1-base:1.3
	pkgsrc-2016Q4:1.3.0.34
	pkgsrc-2016Q4-base:1.3
	pkgsrc-2016Q3:1.3.0.32
	pkgsrc-2016Q3-base:1.3
	pkgsrc-2016Q2:1.3.0.30
	pkgsrc-2016Q2-base:1.3
	pkgsrc-2016Q1:1.3.0.28
	pkgsrc-2016Q1-base:1.3
	pkgsrc-2015Q4:1.3.0.26
	pkgsrc-2015Q4-base:1.3
	pkgsrc-2015Q3:1.3.0.24
	pkgsrc-2015Q3-base:1.3
	pkgsrc-2015Q2:1.3.0.22
	pkgsrc-2015Q2-base:1.3
	pkgsrc-2015Q1:1.3.0.20
	pkgsrc-2015Q1-base:1.3
	pkgsrc-2014Q4:1.3.0.18
	pkgsrc-2014Q4-base:1.3
	pkgsrc-2014Q3:1.3.0.16
	pkgsrc-2014Q3-base:1.3
	pkgsrc-2014Q2:1.3.0.14
	pkgsrc-2014Q2-base:1.3
	pkgsrc-2014Q1:1.3.0.12
	pkgsrc-2014Q1-base:1.3
	pkgsrc-2013Q4:1.3.0.10
	pkgsrc-2013Q4-base:1.3
	pkgsrc-2013Q3:1.3.0.8
	pkgsrc-2013Q3-base:1.3
	pkgsrc-2013Q2:1.3.0.6
	pkgsrc-2013Q2-base:1.3
	pkgsrc-2013Q1:1.3.0.4
	pkgsrc-2013Q1-base:1.3
	pkgsrc-2012Q4:1.3.0.2
	pkgsrc-2012Q4-base:1.3
	pkgsrc-2012Q3:1.2.0.28
	pkgsrc-2012Q3-base:1.2
	pkgsrc-2012Q2:1.2.0.26
	pkgsrc-2012Q2-base:1.2
	pkgsrc-2012Q1:1.2.0.24
	pkgsrc-2012Q1-base:1.2
	pkgsrc-2011Q4:1.2.0.22
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q3:1.2.0.20
	pkgsrc-2011Q3-base:1.2
	pkgsrc-2011Q2:1.2.0.18
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2011Q1:1.2.0.16
	pkgsrc-2011Q1-base:1.2
	pkgsrc-2010Q4:1.2.0.14
	pkgsrc-2010Q4-base:1.2
	pkgsrc-2010Q3:1.2.0.12
	pkgsrc-2010Q3-base:1.2
	pkgsrc-2010Q2:1.2.0.10
	pkgsrc-2010Q2-base:1.2
	pkgsrc-2010Q1:1.2.0.8
	pkgsrc-2010Q1-base:1.2
	pkgsrc-2009Q4:1.2.0.6
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2009Q3:1.2.0.4
	pkgsrc-2009Q3-base:1.2
	pkgsrc-2009Q2:1.2.0.2
	pkgsrc-2009Q2-base:1.2
	pkgsrc-2009Q1:1.1.0.10
	pkgsrc-2009Q1-base:1.1
	pkgsrc-2008Q4:1.1.0.8
	pkgsrc-2008Q4-base:1.1
	pkgsrc-2008Q3:1.1.0.6
	pkgsrc-2008Q3-base:1.1
	cube-native-xorg:1.1.0.4
	cube-native-xorg-base:1.1
	pkgsrc-2008Q2:1.1.0.2;
locks; strict;
comment	@# @;


1.4
date	2020.09.07.10.34.52;	author mef;	state Exp;
branches;
next	1.3;
commitid	yzziWc1Qkbzet6nC;

1.3
date	2012.11.02.19.02.51;	author shattered;	state Exp;
branches;
next	1.2;

1.2
date	2009.04.09.10.15.01;	author kefren;	state Exp;
branches;
next	1.1;

1.1
date	2008.07.25.02.55.28;	author tonnerre;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2008.07.25.02.55.28;	author rtr;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2008.07.25.10.06.30;	author rtr;	state Exp;
branches;
next	;


desc
@@


1.4
log
@(sysutils/webmin) Add comments for patches
@
text
@$NetBSD: patch-az,v 1.3 2012/11/02 19:02:51 shattered Exp $

Set &html_escape for the safety

--- mailboxes/search_form.cgi.orig	2012-06-29 22:31:51.000000000 +0000
+++ mailboxes/search_form.cgi
@@@@ -13,9 +13,9 @@@@ require './mailboxes-lib.pl';
 
 # Start of form
 print &ui_form_start("mail_search.cgi");
-print &ui_hidden("user", $in{'user'});
-print &ui_hidden("dom", $in{'dom'});
-print &ui_hidden("ofolder", $in{'folder'});
+print &ui_hidden("user", &html_escape($in{'user'}));
+print &ui_hidden("dom", &html_escape($in{'user'}));
+print &ui_hidden("ofolder", &html_escape($in{'folder'}));
 print &ui_table_start($text{'sform_header'}, "width=100%", 2);
 
 # And/or mode
@@@@ -54,7 +54,7 @@@@ print &ui_table_row($text{'sform_folder2
 print &ui_table_end();
 print &ui_form_end([ [ undef, $text{'sform_ok'} ] ]);
 
-&ui_print_footer("list_mail.cgi?folder=$in{'folder'}&user=".
-		  &urlize($in{'user'})."&dom=$in{'dom'}", $text{'mail_return'},
+&ui_print_footer("list_mail.cgi?folder=" . &urlize($in{'folder'}) . "&user=".
+		  &urlize($in{'user'})."&dom=".&urlize($in{'dom'}), $text{'mail_return'},
 		 &user_list_link(), $text{'index_return'});
 
@


1.3
log
@Update to 1.600.  Closes PR/45066.

Too many changes to list here.
@
text
@d1 3
a3 1
$NetBSD$
@


1.2
log
@blind update to 1.470
Changelist since 1.370 is too large to be included in this message
so please consult:

 http://www.webmin.com/changes-1.380.html
 http://www.webmin.com/changes-1.390.html
 http://www.webmin.com/changes-1.400.html
 http://www.webmin.com/changes-1.410.html
 http://www.webmin.com/changes-1.420.html
 http://www.webmin.com/changes-1.430.html
 http://www.webmin.com/changes-1.440.html
 http://www.webmin.com/changes-1.450.html
 http://www.webmin.com/changes-1.460.html
 http://www.webmin.com/changes-1.470.html
@
text
@d1 5
a5 3
--- mailboxes/search_form.cgi.orig	2009-03-18 07:30:35.000000000 +0200
+++ mailboxes/search_form.cgi	2009-04-09 12:47:29.000000000 +0300
@@@@ -13,8 +13,8 @@@@
d10 1
d13 1
d18 1
a18 1
@@@@ -54,7 +54,7 @@@@
d23 1
d25 2
a26 2
 		  &urlize($in{'user'}), $text{'mail_return'},
 		 "", $text{'index_return'});
@


1.1
log
@Fix various cross site scripting, arbitrary command execution and various
other vulnerabilities in webmin (CVE-2008-0720).
@
text
@d1 3
a3 6
$NetBSD$

--- mailboxes/search_form.cgi.orig	2007-09-21 23:28:31.000000000 +0200
+++ mailboxes/search_form.cgi
@@@@ -12,8 +12,10 @@@@ require './mailboxes-lib.pl';
 	&folder_link($in{'user'}, $folder));
d5 7
a11 9
 print "<form action=mail_search.cgi>\n";
-print "<input type=hidden name=user value='$in{'user'}'>\n";
-print "<input type=hidden name=ofolder value='$in{'folder'}'>\n";
+print "<input type=hidden name=user value='" . &html_escape($in{'user'}) .
+	"'>\n";
+print "<input type=hidden name=ofolder value='" . &html_escape($in{'folder'}) .
+	"'>\n";
 print "<input type=radio name=and value=1 checked> $text{'sform_and'}\n";
 print "<input type=radio name=and value=0> $text{'sform_or'}<p>\n";
d13 4
a16 3
@@@@ -48,7 +50,7 @@@@ print " $text{'sform_folder'} ",&folder_
 					       $extra);
 print "</form>\n";
a18 2
-		  &urlize($in{'user'}), $text{'mail_return'},
-		 "", $text{'index_return'});
d20 2
a21 2
+		  &urlize($in{'user'}), $text{'mail_return'}, "",
+		  $text{'index_return'});
@


1.1.2.1
log
@file patch-az was added on branch pkgsrc-2008Q2 on 2008-07-25 10:06:30 +0000
@
text
@d1 28
@


1.1.2.2
log
@pullup ticket #2462 requested by tonnerre
webmin: patch for various security vulnerabilities

revisions pulled up:
pkgsrc/sysutils/webmin/Makefile		1.24
pkgsrc/sysutils/webmin/distinfo		1.16
pkgsrc/sysutils/webmin/patches/patch-ac	1.3
pkgsrc/sysutils/webmin/patches/patch-aj	1.1
pkgsrc/sysutils/webmin/patches/patch-ak	1.1
pkgsrc/sysutils/webmin/patches/patch-al	1.1
pkgsrc/sysutils/webmin/patches/patch-am	1.1
pkgsrc/sysutils/webmin/patches/patch-an	1.1
pkgsrc/sysutils/webmin/patches/patch-ao	1.1
pkgsrc/sysutils/webmin/patches/patch-ap	1.1
pkgsrc/sysutils/webmin/patches/patch-aq	1.1
pkgsrc/sysutils/webmin/patches/patch-ar	1.1
pkgsrc/sysutils/webmin/patches/patch-as	1.1
pkgsrc/sysutils/webmin/patches/patch-at	1.1
pkgsrc/sysutils/webmin/patches/patch-au	1.1
pkgsrc/sysutils/webmin/patches/patch-av	1.1
pkgsrc/sysutils/webmin/patches/patch-aw	1.1
pkgsrc/sysutils/webmin/patches/patch-ax	1.1
pkgsrc/sysutils/webmin/patches/patch-ay	1.1
pkgsrc/sysutils/webmin/patches/patch-az	1.1

   Module Name:	pkgsrc
   Committed By:	tonnerre
   Date:		Fri Jul 25 02:55:28 UTC 2008

   Modified Files:
   	pkgsrc/sysutils/webmin: Makefile distinfo
   Added Files:
   	pkgsrc/sysutils/webmin/patches: patch-ac patch-aj patch-ak
   patch-al patch-am patch-an patch-ao patch-ap patch-aq patch-ar patch-as
   	    patch-at patch-au patch-av patch-aw patch-ax patch-ay
   patch-az

   Log Message:
   Fix various cross site scripting, arbitrary command execution and
   various other vulnerabilities in webmin (CVE-2008-0720).
@
text
@a0 28
$NetBSD: patch-az,v 1.1 2008/07/25 02:55:28 tonnerre Exp $

--- mailboxes/search_form.cgi.orig	2007-09-21 23:28:31.000000000 +0200
+++ mailboxes/search_form.cgi
@@@@ -12,8 +12,10 @@@@ require './mailboxes-lib.pl';
 	&folder_link($in{'user'}, $folder));
 
 print "<form action=mail_search.cgi>\n";
-print "<input type=hidden name=user value='$in{'user'}'>\n";
-print "<input type=hidden name=ofolder value='$in{'folder'}'>\n";
+print "<input type=hidden name=user value='" . &html_escape($in{'user'}) .
+	"'>\n";
+print "<input type=hidden name=ofolder value='" . &html_escape($in{'folder'}) .
+	"'>\n";
 print "<input type=radio name=and value=1 checked> $text{'sform_and'}\n";
 print "<input type=radio name=and value=0> $text{'sform_or'}<p>\n";
 
@@@@ -48,7 +50,7 @@@@ print " $text{'sform_folder'} ",&folder_
 					       $extra);
 print "</form>\n";
 
-&ui_print_footer("list_mail.cgi?folder=$in{'folder'}&user=".
-		  &urlize($in{'user'}), $text{'mail_return'},
-		 "", $text{'index_return'});
+&ui_print_footer("list_mail.cgi?folder=" . &urlize($in{'folder'}) . "&user=".
+		  &urlize($in{'user'}), $text{'mail_return'}, "",
+		  $text{'index_return'});
 
@