Piwigo Bugtracker

View Issue Details
ID: 0002402
Project: Piwigo
Category: authentication
View Status: public
Date Submitted: 2011.08.15 17:57
Last Update: 2011.09.16 09:43
Reporter: flop25
Assigned To:
Priority: normal
Severity: block
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 2.2.4
Target Version: 2.3.0beta3
Fixed in Version: 2.3.0
Summary: 0002402: vsprintf() [function.vsprintf]: Too few arguments
Description: see more detail on http://piwigo.org/forum/viewtopic.php?id=17956
Steps To Reproduce: a host upgraded to php 5.3.6
Additional Information: fix found:
line 102 in include/functions_sessions.php
  /*return vsprintf(
    "%02X%02X",
    explode($separator,$_SERVER['REMOTE_ADDR'])
  ); */
  return substr(md5($_SERVER['REMOTE_ADDR']), 0, 4);
Tags: No tags attached.
browser: any
Database engine and version:
PHP version:
Web server: Apache 1.3.x
Attached Files:

- Relationships

-  Notes
(0005398)
svn (reporter)
2011.08.15 17:59

[Subversion] r11951 by flop25 on trunk

-----[Subversion commit log]----------------------------------------------------
bug:2402
vsprintf() [function.vsprintf]: Too few arguments => fix with that code but tests in various environments are needed
(0005422)
rvelices (developer)
2011.08.23 12:30

Your commit is not at all equivalent to the previous code.

The previous code protects against session hijacking. The new code will certainly not work when your computer/mobile device changes its IP (note that not all ISPs provide fixed IPs).
(0005426)
flop25 (developer)
2011.08.24 11:28

Thx. I was expecting someone more competent to check that.
What do you advise?
(0005432)
rvelices (developer)
2011.08.25 15:19

If http_addr contains ':' then return '', otherwise use old-style printf.
(0005531)
rvelices (developer)
2011.09.16 09:43

IPv6 is ignored so far.
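
The guard suggested in note 0005432 next to the md5 replacement from r11951, as an added example that is not Piwigo's code: the function names are hypothetical, `$separator` is assumed to be '.', and the sample addresses are constructed. It prints what each variant returns when a client keeps its first two octets, moves to another network, or connects over IPv6.

```php
<?php
// Added illustration; function names are hypothetical, not Piwigo's own.

// Guarded form from note 0005432: IPv6 gets no IP binding, IPv4 keeps the
// old-style hex of the first two octets. Assumes $separator was '.'.
function remote_addr_prefix_guarded(string $remote_addr): string
{
    if (strpos($remote_addr, ':') !== false) {
        // No dotted octets to feed the two %02X conversions, so skip binding.
        return '';
    }
    // explode() yields four octets; vsprintf ignores the two unused ones.
    return vsprintf('%02X%02X', explode('.', $remote_addr));
}

// Replacement from r11951: first 4 hex chars of md5 over the whole address.
function remote_addr_prefix_md5(string $remote_addr): string
{
    return substr(md5($remote_addr), 0, 4);
}

// Constructed sample addresses, not taken from the report.
$samples = [
    'first request'          => '198.51.100.7',
    'same first two octets'  => '198.51.200.23',
    'different network'      => '203.0.113.9',
    'IPv6 client'            => '2001:db8::1',
];

foreach ($samples as $label => $addr) {
    printf(
        "%-22s %-14s guarded=%-7s md5=%s\n",
        $label,
        $addr,
        var_export(remote_addr_prefix_guarded($addr), true),
        remote_addr_prefix_md5($addr)
    );
}
```

The guarded value stays the same for the first two rows, so a session bound to it survives an address change inside that range, while the md5 value is computed over the full address.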

- Issue History
Date Modified Username Field Change
2011.08.15 17:57 flop25 New Issue
2011.08.15 17:57 flop25 browser => any
2011.08.15 17:57 flop25 Web server => Apache 1.3.x
2011.08.15 17:59 svn Checkin
2011.08.15 17:59 svn Note Added: 0005398
2011.08.23 12:30 rvelices Note Added: 0005422
2011.08.24 11:28 flop25 Note Added: 0005426
2011.08.25 15:19 rvelices Note Added: 0005432
2011.09.16 09:43 rvelices Note Added: 0005531
2011.09.16 09:43 rvelices Status new => closed
2011.09.16 09:43 rvelices Resolution open => fixed
2011.09.16 09:43 rvelices Fixed in Version => 2.3.0RC3

