[MDL-12793] PARAM_HOST incorrect cleaning - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.6, 1.7, 1.8, 1.9
Fix Version/s: 1.6.6, 1.7.4, 1.8.4, 1.9
Component/s: General
Labels:
None

Affected Branches:
MOODLE_16_STABLE, MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE
Fixed Branches:
MOODLE_16_STABLE, MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE

Description

incorrect use of preg_replace:

case PARAM_HOST: // allow FQDN or IPv4 dotted quad
preg_replace('/[^\.\d\w-]/','', $param ); // only allowed chars
....

Attachments

Activity

People

Assignee:: Petr Skoda

Reporter:: Petr Skoda

Tester:: Nobody

Participants:: Petr Skoda

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 02/Jan/08 11:27 AM

Updated:: 17/Dec/10 9:08 PM

Resolved:: 02/Jan/08 11:51 AM

Fix Release Date:: 11/Jan/08