Date: Sat, 5 May 2012 12:28:07 +0930 (CST)
From: Jarrod Sayers <jarrod@downtools.com.au>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/167601: [patch] ports-mgmt/tinderbox: Allow masking of PHP use and display_markup_log action
Message-ID: <201205050258.q452w7vo057195@burbank.downtools.com.au>
Resent-Message-ID: <201205050330.q453U9rX085626@freefall.freebsd.org>
>Number: 167601
>Category: ports
>Synopsis: [patch] ports-mgmt/tinderbox: Allow masking of PHP use and display_markup_log action
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat May 05 03:30:08 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Jarrod Sayers
>Release:
>Organization:
>Environment:
>Description:
Tinderbox uses a hardcoded filename of index.php to refer to itself in hyperlinks within the application. When used with Apache (and likely other web servers) a correctly defined DirectoryIndex can remove the requirement to include the filename in these links. This (the HIDE_PHP knob) then assists in not easily disclosing the use of PHP when used in a public space.

In addition to this, disclosure of log files may not be desired and while the "log" links can be controlled using "Allow from" controls, the display_markup_log action does not support any equivalent. A second option (the HIDE_MARKUP knob) removes the links from uses of "markup" and disables the use of the action by forcing a build and port identifier of -1 which does not exist. Both are off by default.
>How-To-Repeat:
>Fix:
Attached diff can be downloaded from: http://www.downtools.com.au/~jarrod/FreeBSD/ports-mgmt-tinderbox-WITH_HIDE_PHP.diff

--- ports-mgmt-tinderbox-WITH_HIDE_PHP.diff begins here ---
diff -ruN ports/ports-mgmt/tinderbox.orig/Makefile ports/ports-mgmt/tinderbox/Makefile --- ports/ports-mgmt/tinderbox.orig/Makefile 2012-01-15 02:46:08.000000000 +1030 +++ ports/ports-mgmt/tinderbox/Makefile 2012-05-05 12:07:15.000000000 +0930 
@@ -25,6 +25,8 @@ HIAWATHA "Use Hiawatha for web interface" Off \ LIGHTTPD "Use LightHTTPD for web interface" Off \ CHECK_FOR_ROOT "Check if ./tc is run by uid 0" On \ + HIDE_PHP "Hide index.php in webui templates" off \ + HIDE_MARKUP "Hide display_markup_log action" off \ LSOF "For killMountProcesses() when using nullfs" On NO_BUILD= yes @@ -102,6 +104,15 @@ .endif ${REINPLACE_CMD} -e 's/.set_rcvar./tinderd_enable/' \ ${WRKSRC}/etc/rc.d/tinderd +.if defined(WITH_WEBUI) +.if defined(WITH_HIDE_PHP) + @${REINPLACE_CMD} -e 's#index.php\?#\?#g' -e 's#index.php#\?#g' ${WRKSRC}/webui/templates/*/*.tpl +.endif +.if defined(WITH_HIDE_MARKUP) + @${REINPLACE_CMD} -e 's#<a href="[^"]*">markup</a>#markup#g' -e 's#>markup_log.*;#>markup_log(-1,-1)#g' \ + ${WRKSRC}/webui/templates/*/*.tpl ${WRKSRC}/webui/index.php +.endif +.endif @cd ${WRKSRC} && ${FIND} -E . -regex '.*(orig|bak)' -exec ${RM} {} \; do-install: --- ports-mgmt-tinderbox-WITH_HIDE_PHP.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
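Review bot: In the options hunk (@@ -25,6 +25,8 @@), the two new entries give their default as lowercase "off" while every neighbouring entry (HIAWATHA, LIGHTTPD, CHECK_FOR_ROOT, LSOF) uses "Off" or "On"; use "Off" to match. The HIDE_MARKUP description could also say that the action itself is disabled, not just hidden, and since the second hunk only applies either knob inside `.if defined(WITH_WEBUI)`, both descriptions would be clearer if they said they have no effect without the web UI.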
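Review bot: In the post-patch hunk (@@ -102,6 +104,15 @@), the second HIDE_MARKUP expression, `s#>markup_log.*;#>markup_log(-1,-1)#g`, matches through the last `;` on the line but the replacement does not put a `;` back, so a matched statement in webui/index.php loses its terminator along with anything else that followed on that line. Matching only the argument list, for example `markup_log([^)]*)`, and leaving the rest of the line alone would avoid that. The dots in `index.php` in the two HIDE_PHP expressions are unescaped and match any character; `index\.php` is tighter. Because HIDE_MARKUP is meant to stop log disclosure, note that these substitutions do nothing, silently, if the upstream text ever stops matching; a check after the REINPLACE_CMD that fails the build when the original call is still present would make that visible.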