| Bug : | SQL injection, if Cluster Mode ON |
| Status : | Fixed |
| Severity : | Normal |
| Reporter : | Amro  25-06-13 15:52 |
| Updated by : | Amro 29-06-13 22:35 |
| Category | General |
| Version : | 173 |
| Frequency : | Consistently |
| Fixed in : | 175 |
| Details : | common.php
/*...*/
$usr['ip'] = ($cfg['clustermode']) ? $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] : $_SERVER['REMOTE_ADDR'] ;
/*...*/
$userip = explode('.', $usr['ip']); fix
$usr['ip'] = ($cfg['clustermode']) ? $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] : $_SERVER['REMOTE_ADDR'] ;
if (!preg_match('#^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$#', $usr['ip'])) { $usr['ip'] = '0.0.0.0'; } |
| Items affected : | common.php |
History and comments :
| None |