From owner-freebsd-ports-bugs@FreeBSD.ORG Sat May 5 03:30:10 2012
Message-Id: <201205050258.q452w7vo057195@burbank.downtools.com.au>
Date: Sat, 5 May 2012 12:28:07 +0930 (CST)
From: Jarrod Sayers
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/167601: [patch] ports-mgmt/tinderbox: Allow masking of PHP use and display_markup_log action
Reply-To: Jarrod Sayers
List-Id: Ports bug reports

>Number: 167601
>Category: ports
>Synopsis: [patch] ports-mgmt/tinderbox: Allow masking of PHP use and display_markup_log action
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat May 05 03:30:08 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Jarrod Sayers
>Release:
>Organization:
>Environment:
>Description:

Tinderbox uses a hardcoded filename of index.php to refer to itself in hyperlinks within the application. When used with Apache (and likely other web servers) a correctly defined DirectoryIndex can remove the requirement to include the filename in these links. This (the HIDE_PHP knob) then assists in not easily disclosing the use of PHP when used in a public space.

In addition to this, disclosure of log files may not be desired and while the "log" links can be controlled using "Allow from" controls, the display_markup_log action does not support any equivalent. A second option (the HIDE_MARKUP knob) removes the links from uses of "markup" and disables the use of the action by forcing a build and port identifier of -1 which does not exist.

Both are off by default.

>How-To-Repeat: >Fix: Attached diff can be downloaded from: http://www.downtools.com.au/~jarrod/FreeBSD/ports-mgmt-tinderbox-WITH_HIDE_PHP.diff --- ports-mgmt-tinderbox-WITH_HIDE_PHP.diff begins here --- diff -ruN ports/ports-mgmt/tinderbox.orig/Makefile ports/ports-mgmt/tinderbox/Makefile --- ports/ports-mgmt/tinderbox.orig/Makefile 2012-01-15 02:46:08.000000000 +1030 +++ ports/ports-mgmt/tinderbox/Makefile 2012-05-05 12:07:15.000000000 +0930 @@ -25,6 +25,8 @@ HIAWATHA "Use Hiawatha for web interface" Off \ LIGHTTPD "Use LightHTTPD for web interface" Off \ CHECK_FOR_ROOT "Check if ./tc is run by uid 0" On \ + HIDE_PHP "Hide index.php in webui templates" off \ + HIDE_MARKUP "Hide display_markup_log action" off \ LSOF "For killMountProcesses() when using nullfs" On NO_BUILD= yes @@ -102,6 +104,15 @@ .endif ${REINPLACE_CMD} -e 's/.set_rcvar./tinderd_enable/' \ ${WRKSRC}/etc/rc.d/tinderd +.if defined(WITH_WEBUI) +.if defined(WITH_HIDE_PHP) + @${REINPLACE_CMD} -e 's#index.php\?#\?#g' -e 's#index.php#\?#g' ${WRKSRC}/webui/templates/*/*.tpl +.endif +.if defined(WITH_HIDE_MARKUP) + @${REINPLACE_CMD} -e 's#markup#markup#g' -e 's#>markup_log.*;#>markup_log(-1,-1)#g' \ + ${WRKSRC}/webui/templates/*/*.tpl ${WRKSRC}/webui/index.php +.endif +.endif @cd ${WRKSRC} && ${FIND} -E . -regex '.*(orig|bak)' -exec ${RM} {} \; do-install: --- ports-mgmt-tinderbox-WITH_HIDE_PHP.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
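
Review bot: In the first Makefile hunk (@@ -25,6 +25,8 @@) the two new OPTIONS entries give their default as lowercase "off", while the neighbouring entries in the same list use "Off" and "On". Suggest writing HIDE_PHP "Hide index.php in webui templates" Off \ and the same for HIDE_MARKUP so the list stays consistent. Both knobs only take effect inside the WITH_WEBUI block added in the second hunk, so the HIDE_MARKUP description could mention the webui as the HIDE_PHP one does.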
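
Review bot: In the second Makefile hunk (@@ -102,6 +104,15 @@) the WITH_HIDE_MARKUP substitution can fail silently, leaving the display_markup_log action enabled even though the knob is set. As it appears here the first expression, 's#markup#markup#g', has an identical pattern and replacement and so changes nothing (the archive may have stripped HTML from it; compare with the downloadable diff), and sed exits successfully when '>markup_log.*;' matches no line, so a change in the upstream call form would go unnoticed. Suggest following the REINPLACE_CMD with a grep that fails the build when the (-1,-1) form is absent from webui/index.php. The same expression consumes the trailing ';' without putting it back, and its '.*' runs to the last ';' on the line. In the WITH_HIDE_PHP branch the dot in 'index.php' is an unescaped regex metacharacter, and the second expression rewrites every remaining index.php in the templates to '?', not only those inside hyperlinks.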