Bug : | SQL injection, if Cluster Mode ON |
Status : | Fixed |
Severity : | Normal |
Reporter : | Amro |
Updated by : | Amro |
Category | General |
Version : | 173 |
Frequency : | Consistently |
Fixed in : | 175 |
Details : | common.php |

```php
/*...*/
// With cluster mode on, the client IP is read from the X-Cluster-Client-IP request header.
$usr['ip'] = ($cfg['clustermode']) ? $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] : $_SERVER['REMOTE_ADDR'];
/*...*/
$userip = explode('.', $usr['ip']);
```

fix

```php
$usr['ip'] = ($cfg['clustermode']) ? $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] : $_SERVER['REMOTE_ADDR'];
// Accept only a dotted-quad value; anything else is replaced with 0.0.0.0.
if (!preg_match('#^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$#', $usr['ip'])) {
    $usr['ip'] = '0.0.0.0';
}
```
Items affected : | common.php |
None |