| Field | Value |
|---|---|
| ID | 0002402 |
| Category | [Piwigo] authentication |
| Severity | block |
| Reproducibility | always |
| Date Submitted | 2011.08.15 17:57 |
| Last Update | 2011.09.16 09:43 |
| Reporter | flop25 |
| View Status | public |
| Assigned To | |
| Priority | normal |
| Resolution | fixed |
| Platform | |
| Status | closed |
| OS | |
| Projection | none |
| OS Version | |
| ETA | none |
| Fixed in Version | 2.3.0 |
| Product Version | 2.2.4 |
| Target Version | 2.3.0beta3 |
| Product Build | |
| Summary | 0002402: vsprintf() [function.vsprintf ]: Too few arguments |

Description:
see more detail on http://piwigo.org/forum/viewtopic.php?id=17956

Steps To Reproduce:
a host upgraded to PHP 5.3.6

Additional Information:
fix found : line 102 in include/functions_sessions.php

    /*return vsprintf(
        "%02X%02X",
        explode($separator,$_SERVER['REMOTE_ADDR'])
      ); */
    return substr(md5($_SERVER['REMOTE_ADDR']), 0, 4);

| Field | Value |
|---|---|
| Tags | No tags attached. |
| browser | any |
| Database engine and version | |
| PHP version | |
| Web server | Apache 1.3.x |
| Attached Files | |

Notes

(0005398) svn (reporter) 2011.08.15 17:59
[Subversion] r11951 by flop25 on trunk
-----[Subversion commit log]-----
bug:2402 vsprintf() [function.vsprintf ]: Too few arguments => fix with that code but tests in various environments are needed

(0005422) rvelices (developer) 2011.08.23 12:30
Your commit is not at all equivalent to the previous code. The previous code protects against session hijacking. The new code will certainly not work when your computer/mobile device changes its IP (note that not all ISPs provide fixed IPs)

(0005426) flop25 (developer) 2011.08.24 11:28
thx. I was expecting someone more competent to check that. What do you advise?

(0005432) rvelices (developer) 2011.08.25 15:19
if http_addr contains : then return '', otherwise use old style printf

(0005531) rvelices (developer) 2011.09.16 09:43
IPv6 is ignored so far
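
The approach advised in note 0005432, set beside the md5 replacement from Additional Information, as an added example that is not Piwigo's committed code. The function names, the `.` separator and the sample addresses are assumptions, and the dotted-quad validation goes beyond what the note asks for.

```php
<?php
// Added illustration, not Piwigo's code. The function names and the sample
// addresses below are constructed; '.' is assumed as the separator.

// Old-style prefix with the guard advised in note 0005432: two hex bytes
// from the first two IPv4 octets, '' for anything containing ':' (IPv6).
function remote_addr_prefix_guarded(string $remote_addr): string
{
    if (strpos($remote_addr, ':') !== false) {
        return ''; // explode('.') would give vsprintf() too few arguments
    }
    $octets = explode('.', $remote_addr);
    if (count($octets) !== 4) {
        return ''; // not a dotted quad: do not let vsprintf() fail
    }
    foreach ($octets as $octet) {
        if (!ctype_digit($octet) || (int) $octet > 255) {
            return '';
        }
    }
    // Array elements beyond the two placeholders are ignored by vsprintf().
    return vsprintf('%02X%02X', $octets);
}

// The replacement shown under Additional Information: a hash of the
// whole address.
function remote_addr_prefix_md5(string $remote_addr): string
{
    return substr(md5($remote_addr), 0, 4);
}

// Constructed samples: two addresses in one /16, one in another, one IPv6.
$samples = ['192.0.2.10', '192.0.77.3', '198.51.100.7', '2001:db8::1'];
foreach ($samples as $addr) {
    printf("%-14s guarded=%-4s md5=%s\n", $addr,
        remote_addr_prefix_guarded($addr), remote_addr_prefix_md5($addr));
}
// The first two samples share the guarded prefix, so a client whose address
// moves within that range keeps its session. The md5 prefix is computed from
// the full address, which is the breakage described in note 0005422.
```

Returning `''` for IPv6 means those clients get no address binding at all, which matches the closing note that IPv6 is ignored so far.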