Piwigo Bugtracker

ID: 0002402
Category: [Piwigo] authentication
Severity: block
Reproducibility: always
Date Submitted: 2011.08.15 17:57
Last Update: 2011.09.16 09:43
Reporter: flop25
View Status: public
Priority: normal
Resolution: fixed
Status: closed
Projection: none
ETA: none
Fixed in Version: 2.3.0
Product Version: 2.2.4
Target Version: 2.3.0beta3
Summary: 0002402: vsprintf() [function.vsprintf ]: Too few arguments
Description: see more detail on http://piwigo.org/forum/viewtopic.php?id=17956
Steps To Reproduce: a host upgraded to PHP 5.3.6
Additional Information: fix found:
line 102 in include/functions_sessions.php
  /*return vsprintf(
    "%02X%02X",
    explode($separator,$_SERVER['REMOTE_ADDR'])
  ); */
  return substr(md5($_SERVER['REMOTE_ADDR']), 0, 4);
Tags: No tags attached.
browser: any
Web server: Apache 1.3.x

- Notes
(0005398)
svn (reporter)
2011.08.15 17:59

[Subversion] r11951 by flop25 on trunk

-----[Subversion commit log]----------------------------------------------------
bug:2402
vsprintf() [function.vsprintf ]: Too few arguments => fix with that code but tests in various environments are needed
(0005422)
rvelices (developer)
2011.08.23 12:30

Your commit is not at all equivalent to the previous code.

The previous code protects against session hijacking. The new code will certainly not work when your computer/mobile device changes its IP (note that not all ISPs provide fixed IPs).
(0005426)
flop25 (developer)
2011.08.24 11:28

Thx. I was expecting someone more competent to check that.
What do you advise?
(0005432)
rvelices (developer)
2011.08.25 15:19

if http_addr contains : then return '', otherwise use old style printf
(0005531)
rvelices (developer)
2011.09.16 09:43

ipv6 is ignored so far
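
The three address-binding variants discussed in this issue, side by side over constructed addresses, as an added example that is not part of the tracker thread or of Piwigo's code: the old form depends only on the first two IPv4 octets and fails on an address with no dots, the md5 form changes with any change of address, and the advised form returns an empty value for IPv6. The function names and the '.' separator are assumptions.

```php
<?php
// Added illustration, not Piwigo code. Function names are hypothetical;
// '.' as the separator is an assumption (the page shows only $separator).

// Old style: first two dot-separated parts as hex (the IPv4 /16 prefix).
function prefix_old($addr)
{
    try {
        // PHP 5/7: warning + false when fewer than two parts are supplied.
        return @vsprintf('%02X%02X', explode('.', $addr));
    } catch (\Error $e) {
        // PHP 8 throws instead of returning false.
        return false;
    }
}

// Committed change from the issue: hash of the complete address.
function prefix_md5($addr)
{
    return substr(md5($addr), 0, 4);
}

// Advice from note 0005432: no binding when the address contains ':'.
function prefix_advised($addr)
{
    if (strpos($addr, ':') !== false) {
        return '';
    }
    return prefix_old($addr);
}

// Constructed sample addresses: two in the same /16, one in another, one IPv6.
$samples = array('203.0.113.5', '203.0.200.9', '198.51.100.7', '2001:db8::1');

foreach ($samples as $addr) {
    printf(
        "%-14s old=%-6s md5=%s advised=%s\n",
        $addr,
        var_export(prefix_old($addr), true),
        prefix_md5($addr),
        var_export(prefix_advised($addr), true)
    );
}
```

The first two samples share the same `old` and `advised` value but differ under `md5`, which is the behaviour change note 0005422 objects to.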

- Issue History
Date Modified Username Field Change
2011.08.15 17:57 flop25 New Issue
2011.08.15 17:57 flop25 browser => any
2011.08.15 17:57 flop25 Web server => Apache 1.3.x
2011.08.15 17:59 svn Checkin
2011.08.15 17:59 svn Note Added: 0005398
2011.08.23 12:30 rvelices Note Added: 0005422
2011.08.24 11:28 flop25 Note Added: 0005426
2011.08.25 15:19 rvelices Note Added: 0005432
2011.09.16 09:43 rvelices Note Added: 0005531
2011.09.16 09:43 rvelices Status new => closed
2011.09.16 09:43 rvelices Resolution open => fixed
2011.09.16 09:43 rvelices Fixed in Version => 2.3.0RC3

