[Mod-security-developers] [JIRA] Resolved: (MODSEC-272) MATCHED_VARS does not correctly handle mult

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

     [ https://www.modsecurity.org/tracker/browse/MODSEC-272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-272.
--------------------------------------

    Resolution: Fixed

> MATCHED_VARS does not correctly handle multiple VARS with the same name
> -----------------------------------------------------------------------
>
>                 Key: MODSEC-272
>                 URL: https://www.modsecurity.org/tracker/browse/MODSEC-272
>             Project: ModSecurity
>          Issue Type: Bug
>      Security Level: Normal
>          Components: Targets
>            Reporter: Ryan Barnett
>            Assignee: Breno Silva Pinto
>             Fix For: 2.6.3
>
>
> Recipe: Invoking rule 100908e00; [file "/usr/local/apache/conf/crs/activated_rules/modsecurity_crs_15_customrules.conf"] [line "1"].
> Rule 100908e00: SecRule "ARGS" "@rx test" "phase:1,chain,log,pass"
> Expanded "ARGS" to "ARGS:param|ARGS:param|ARGS:param".
> Transformation completed in 1 usec.
> Executing operator "rx" with param "test" against ARGS:param.
> Target value: "test"
> Operator completed in 5 usec.
> Transformation completed in 0 usec.
> Executing operator "rx" with param "test" against ARGS:param.
> Target value: "test1234"
> Operator completed in 1 usec.
> Transformation completed in 0 usec.
> Executing operator "rx" with param "test" against ARGS:param.
> Target value: "lasttest"
> Operator completed in 1 usec.
> Rule returned 1.
> Match -> mode NEXT_RULE.
> Recipe: Invoking rule 1009114d8; [file "/usr/local/apache/conf/crs/activated_rules/modsecurity_crs_15_customrules.conf"] [line "2"].
> Rule 1009114d8: SecRule "MATCHED_VARS" "@rx .*"
> Set variable "MATCHED_VARS:param" value "lasttest" size 8 to collection.
> Transformation completed in 1 usec.
> Executing operator "rx" with param ".*" against MATCHED_VARS:param.
> Target value: "lasttest"
> Operator completed in 5 usec.
> Warning. Pattern match ".*" at MATCHED_VARS:param. [file "/usr/local/apache/conf/crs/activated_rules/modsecurity_crs_15_customrules.conf"] [line "1"]
> Rule returned 1.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Mod-security-developers] [JIRA] Resolved: (MODSEC-272) MATCHED_VARS does not correctly handle mult

[Mod-security-developers] [JIRA] Resolved: (MODSEC-272) MATCHED_VARS does not correctly handle multiple VARS with the same name