www-apps/piwigo: backport fix for CVE-2020-8089

Drop old vulnerable version
Also backport some PHP 7.4 compatibility fixes

Bug: https://bugs.gentoo.org/709324
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org>

4 files changed, 197 insertions, 1 deletions

diff --git a/www-apps/piwigo/files/piwigo-2.10.1-css_vuln.patch b/www-apps/piwigo/files/piwigo-2.10.1-css_vuln.patch
new file mode 100644
index 000000000000..101777393cfe
--- /dev/null
+++ b/www-apps/piwigo/files/piwigo-2.10.1-css_vuln.patch
@@ -0,0 +1,94 @@
+From 619849ff8b39f536e9ce40687c07589f8b262278 Mon Sep 17 00:00:00 2001
+From: plegall <plg@piwigo.org>
+Date: Fri, 7 Feb 2020 17:05:56 +0100
+Subject: [PATCH] fixes #1150 prevent HTML code in group name
+
+It avoids any stored XSS between administrators and it's totally useless to have HTML code in the group name.
+---
+ admin/group_list.php                         | 14 +++++++++++++-
+ admin/themes/default/template/group_list.tpl |  8 +++-----
+ 2 files changed, 16 insertions(+), 6 deletions(-)
+
+diff --git a/admin/group_list.php b/admin/group_list.php
+index ba9c89fef..7e7a3bd9f 100644
+--- a/admin/group_list.php
++++ b/admin/group_list.php
+@@ -45,6 +45,11 @@
+   {
+     $page['errors'][] = l10n('The name of a group must not contain " or \' or be empty.');
+   }
++  else
++  {
++    $_POST['groupname'] = strip_tags($_POST['groupname']);
++  }
++
+   if (count($page['errors']) == 0)
+   {
+     // is the group not already existing ?
+@@ -107,7 +112,7 @@
+     $group_names = array_from_query($query, 'name');
+     foreach($groups as $group)
+     {
+-      $_POST['rename_'.$group] = stripslashes($_POST['rename_'.$group]);
++      $_POST['rename_'.$group] = strip_tags(stripslashes($_POST['rename_'.$group]));
+ 
+       if (in_array($_POST['rename_'.$group], $group_names))
+       {
+@@ -181,6 +186,8 @@
+ 
+   if ($action=="merge" and count($groups) > 1)
+   {
++    $_POST['merge'] = strip_tags($_POST['merge']);
++
+     // is the group not already existing ?
+     $query = '
+ SELECT COUNT(*)
+@@ -268,6 +275,11 @@
+       {
+         break;
+       }
++      else
++      {
++        $_POST['duplicate_'.$group.''] = strip_tags(stripslashes($_POST['duplicate_'.$group.'']));
++      }
++
+       // is the group not already existing ?
+       $query = '
+   SELECT COUNT(*)
+diff --git a/admin/themes/default/template/group_list.tpl b/admin/themes/default/template/group_list.tpl
+index b14ff1725..6f0291f3c 100644
+--- a/admin/themes/default/template/group_list.tpl
++++ b/admin/themes/default/template/group_list.tpl
+@@ -128,7 +128,7 @@ $(document).ready(function() {
+         {if not empty($groups)}
+         {foreach from=$groups item=group}
+         <p group_id="{$group.ID}" class="grp_action">
+-          <input type="text" class="large" name="rename_{$group.ID}" value="{$group.NAME}" onfocus="this.value=(this.value=='{$group.NAME}') ? '' : this.value;" onblur="this.value=(this.value=='') ? '{$group.NAME}' : this.value;">
++          <input type="text" class="large" name="rename_{$group.ID}" value="{$group.NAME}">
+         </p>
+         {/foreach}
+         {/if}
+@@ -137,9 +137,8 @@ $(document).ready(function() {
+         <!-- merge -->
+         <div id="action_merge" class="bulkAction">
+           <p id="two_to_select">{'Please select at least two groups'|@translate}</p>
+-          {assign var='mergeDefaultValue' value='Type here the name of the new group'|@translate}
+           <p id="two_atleast">
+-            <input type="text" class="large" name="merge" value="{$mergeDefaultValue}" onfocus="this.value=(this.value=='{$mergeDefaultValue}') ? '' : this.value;" onblur="this.value=(this.value=='') ? '{$mergeDefaultValue}' : this.value;">
++            <input type="text" class="large" name="merge" value="" placeholder="{'Type here the name of the new group'|translate}">
+           </p>
+         </div>
+ 
+@@ -150,11 +149,10 @@ $(document).ready(function() {
+ 
+         <!-- duplicate -->
+         <div id="action_duplicate" class="bulkAction">
+-        {assign var='duplicateDefaultValue' value='Type here the name of the new group'|@translate}
+         {if not empty($groups)}
+         {foreach from=$groups item=group}
+         <p group_id="{$group.ID}" class="grp_action">
+-          {$group.NAME} > <input type="text" class="large" name="duplicate_{$group.ID}" value="{$duplicateDefaultValue}" onfocus="this.value=(this.value=='{$duplicateDefaultValue}') ? '' : this.value;" onblur="this.value=(this.value=='') ? '{$duplicateDefaultValue}' : this.value;">
++          {$group.NAME} > <input type="text" class="large" name="duplicate_{$group.ID}" value="" placeholder="{'Type here the name of the new group'|@translate}">
+         </p>
+         {/foreach}
+         {/if}
diff --git a/www-apps/piwigo/files/piwigo-2.10.1-php7.4_deprecation.patch b/www-apps/piwigo/files/piwigo-2.10.1-php7.4_deprecation.patch
new file mode 100644
index 000000000000..45d572799507
--- /dev/null
+++ b/www-apps/piwigo/files/piwigo-2.10.1-php7.4_deprecation.patch
@@ -0,0 +1,56 @@
+From 6f49712b57a4cbe362c0f3d3a1e67267d298fe8b Mon Sep 17 00:00:00 2001
+From: Tomas Krizek <tomas.krizek@mailbox.org>
+Date: Tue, 3 Dec 2019 21:56:44 +0100
+Subject: [PATCH] include/functions_cookie: use proper brackets for offset
+ access
+
+Fixes #1134
+---
+ admin/site_update.php            | 6 +++---
+ include/functions_cookie.inc.php | 2 +-
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/admin/site_update.php b/admin/site_update.php
+index 791a8d59e..e8fc78093 100644
+--- a/admin/site_update.php
++++ b/admin/site_update.php
+@@ -257,7 +257,7 @@
+       else
+       {
+         $insert['uppercats'] = $insert['id'];
+-        $insert{'rank'} = $next_rank['NULL']++;
++        $insert['rank'] = $next_rank['NULL']++;
+         $insert['global_rank'] = $insert['rank'];
+       }
+ 
+@@ -268,7 +268,7 @@
+           );
+ 
+       // add the new category to $db_categories and $db_fulldirs array
+-      $db_categories[$insert{'id'}] =
++      $db_categories[$insert['id']] =
+         array(
+           'id' => $insert['id'],
+           'parent' => (isset($parent)) ? $parent : Null,
+@@ -278,7 +278,7 @@
+           'global_rank' => $insert['global_rank']
+           );
+       $db_fulldirs[$fulldir] = $insert['id'];
+-      $next_rank[$insert{'id'}] = 1;
++      $next_rank[$insert['id']] = 1;
+     }
+     else
+     {
+diff --git a/include/functions_cookie.inc.php b/include/functions_cookie.inc.php
+index be9853d27..0eb159eb7 100644
+--- a/include/functions_cookie.inc.php
++++ b/include/functions_cookie.inc.php
+@@ -54,7 +54,7 @@ function cookie_path()
+   $scr = substr($scr,0,strrpos( $scr,'/'));
+ 
+   // add a trailing '/' if needed
+-  if ((strlen($scr) == 0) or ($scr{strlen($scr)-1} !== '/'))
++  if ((strlen($scr) == 0) or ($scr[strlen($scr)-1] !== '/'))
+   {
+     $scr .= '/';
+   }
diff --git a/www-apps/piwigo/files/piwigo-2.10.1-php7.4_notice.patch b/www-apps/piwigo/files/piwigo-2.10.1-php7.4_notice.patch
new file mode 100644
index 000000000000..71b7c1a8e834
--- /dev/null
+++ b/www-apps/piwigo/files/piwigo-2.10.1-php7.4_notice.patch
@@ -0,0 +1,41 @@
+From f1d1b55d82e9f2d77c5b54422bced31f44370ce0 Mon Sep 17 00:00:00 2001
+From: Ben <bnj@ewft.org>
+Date: Sun, 19 Jan 2020 18:28:16 +0100
+Subject: [PATCH] Fix PHP-7.4 Issue
+
+PHP-7.4 Issue  = "Trying to access array offset on value of type null" in functions_category.inc.php
+---
+ include/functions_category.inc.php | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php
+index 22997ee2f..64925a0c8 100644
+--- a/include/functions_category.inc.php
++++ b/include/functions_category.inc.php
+@@ -103,6 +103,8 @@ function get_categories_menu()
+   $result = pwg_query($query);
+   $cats = array();
+   $selected_category = isset($page['category']) ? $page['category'] : null;
++  $selected_category_id = isset($selected_category['id']) ? $selected_category['id'] : null;
++  $selected_category_id_uppercat = isset($selected_category['id_uppercat']) ? $selected_category['id_uppercat'] : null;
+   while ($row = pwg_db_fetch_assoc($result))
+   {
+     $child_date_last = @$row['max_date_last']> @$row['date_last'];
+@@ -122,8 +124,8 @@ function get_categories_menu()
+           ),
+         'URL' => make_index_url(array('category' => $row)),
+         'LEVEL' => substr_count($row['global_rank'], '.') + 1,
+-        'SELECTED' => $selected_category['id'] == $row['id'] ? true : false,
+-        'IS_UPPERCAT' => $selected_category['id_uppercat'] == $row['id'] ? true : false,
++        'SELECTED' => $selected_category_id == $row['id'] ? true : false,
++        'IS_UPPERCAT' => $selected_category_id_uppercat == $row['id'] ? true : false,
+         )
+       );
+     if ($conf['index_new_icon'])
+@@ -602,4 +604,4 @@ function remove_computed_category(&$cats, $cat)
+   unset($cats[$cat['cat_id']]);
+ }
+ 
+-?>
+\ No newline at end of file
++?>
diff --git a/www-apps/piwigo/piwigo-2.10.1.ebuild b/www-apps/piwigo/piwigo-2.10.1-r1.ebuild
index 208eb4ede249..84e1dab03f39 100644
--- a/www-apps/piwigo/piwigo-2.10.1.ebuild
+++ b/www-apps/piwigo/piwigo-2.10.1-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -22,6 +22,11 @@ BDEPEND="app-arch/unzip"
 
 REQUIRED_USE="|| ( gd imagemagick )"
 
+PATCHES=(
+	"${FILESDIR}"/${P}-css_vuln.patch
+	"${FILESDIR}"/${P}-php7.4_deprecation.patch
+	"${FILESDIR}"/${P}-php7.4_notice.patch
+	)
 S=${WORKDIR}/${PN}
 
 src_install() {