[dokuwiki] fixing clientIP() (was: SECURITY WARNING)
- From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Fri, 08 Sep 2006 14:40:54 +0200
So to sum it up, the vulnerability is in dwpage.php, but cleaning the IP
is a good idea anyway (it's already done in the current devel, I think).
It was the Sep 3 darcs version I was using, so no, it's not done properly in
the current version.
Hmm... are we talking about the clientIP() function?
This line should remove all nasty stuff, shouldn't it?
$ip[$i] = preg_replace('/[^0-9\.]+/','',$ip[$i]);
Or did I miss something?
Andi
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
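
An added example, not part of the original message or of DokuWiki's code: it runs the `preg_replace` filter quoted in the message over constructed header values and, as an assumption not taken from the thread, compares it with PHP's `filter_var()` IPv4 validation. The helper names `strip_filter` and `validate_ipv4` are hypothetical.

```php
<?php
// Added example, not DokuWiki code. All header values below are constructed.

// The filter quoted in the message: drop every character except digits and dots.
function strip_filter(string $raw): string
{
    return preg_replace('/[^0-9\.]+/', '', $raw);
}

// Stricter alternative (assumption, not from the thread): accept the value
// only if it parses as an IPv4 address, otherwise discard it entirely.
function validate_ipv4(string $raw): ?string
{
    $candidate = trim($raw);
    $ok = filter_var($candidate, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    return $ok === false ? null : $ok;
}

// Constructed samples of what a client-controlled address header might carry.
$samples = [
    '192.0.2.10',                           // well-formed address
    ' 192.0.2.10 ',                         // surrounding whitespace
    '192.0.2.10<script>alert(1)</script>',  // markup appended
    "192.0.2.10\r\nX-Injected: 1",          // CR/LF appended
    '2001:db8::1',                          // IPv6 address
    'unknown',                              // placeholder some proxies send
    '999.1.1.1',                            // digits and dots, but not an address
];

foreach ($samples as $raw) {
    printf(
        "%-42s strip=%-16s validate=%s\n",
        json_encode($raw),
        json_encode(strip_filter($raw)),
        json_encode(validate_ipv4($raw))
    );
}
```

The stripped value never contains anything but digits and dots, so markup and line breaks cannot survive it, but it can differ from the address that was sent or fail to be an address at all; validation rejects those inputs instead of reshaping them.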