Moodle

PARAM_HOST incorrect cleaning

Details

  • Type: Bug
  • Status: Closed
  • Priority: Minor
  • Resolution: Fixed
  • Affects Version/s: 1.6, 1.7, 1.8, 1.9
  • Fix Version/s: 1.6.6, 1.7.4, 1.8.4, 1.9
  • Component/s: General
  • Labels:
    None
  • Affected Branches:
    MOODLE_16_STABLE, MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE
  • Fixed Branches:
    MOODLE_16_STABLE, MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE

Description

incorrect use of preg_replace:

case PARAM_HOST: // allow FQDN or IPv4 dotted quad
preg_replace('/[^\.\d\w-]/','', $param ); // only allowed chars
....
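
The reported behaviour, shown as an added example that is not part of the original report and is not Moodle's code: preg_replace() returns the filtered string rather than modifying its argument, so the quoted line leaves $param unchanged. The function names and sample inputs are constructed for illustration, and the rest of the PARAM_HOST case, which the report elides, is not modelled here.

```php
<?php
// Added illustration. Function names and sample inputs are constructed;
// the remainder of the PARAM_HOST case (elided in the report) is not modelled.

// As quoted in the report: preg_replace() returns the filtered string and
// does not touch its subject, so discarding the result cleans nothing.
function host_filter_discarded(string $param): string {
    preg_replace('/[^\.\d\w-]/', '', $param); // return value thrown away
    return $param;
}

// Same pattern, with the result assigned back to the variable.
function host_filter_assigned(string $param): string {
    $param = preg_replace('/[^\.\d\w-]/', '', $param);
    return $param ?? ''; // preg_replace() returns null on a PCRE error
}

// Constructed inputs: two well-formed hosts and three with characters
// outside the allowed set (space, slash, query, CR/LF, angle brackets).
$samples = [
    'moodle.example.org',
    '192.0.2.10',
    'exa mple.org/path?x=1',
    "host.example\r\nextra",
    '<b>host</b>.example',
];

foreach ($samples as $raw) {
    $discarded = host_filter_discarded($raw);
    $assigned  = host_filter_assigned($raw);
    printf(
        "%-28s discarded=%-28s assigned=%-22s %s\n",
        json_encode($raw),
        json_encode($discarded),
        json_encode($assigned),
        $discarded === $raw ? 'discarded form: input unchanged' : ''
    );
}
```

Every row reports the discarded form returning its input unchanged, while the assigned form keeps only dots, digits, word characters and hyphens.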

Activity

Petr Škoda (skodak) added a comment -

fixed in cvs

Petr Škoda (skodak) added a comment -

downgrading - no dangerous characters should be able to get through
