[ https://www.modsecurity.org/tracker/browse/MODSEC-114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-114.
--------------------------------------
Resolution: Fixed
> ModSecurity should not accept non-numerical rule IDs
> ----------------------------------------------------
>
> Key: MODSEC-114
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-114
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Affects Versions: 2.5.11
> Reporter: Ivan Ristic
> Assignee: Breno Silva Pinto
> Fix For: 2.7.0
>
>
> ModSecurity currently accepts non-numerical rule IDs in several places (at least in the id action and in SecRuleRemoveByID), but internally it assumes rule IDs are always numerical. Conversion to a number is used in at least one location. As a consequence, the removal of the rules with non-numerical IDs does not work. Or, rather, it works, but (because of the aforementioned conversion) all the non-numerical rules are removed. (I've spent limited time looking at the code. I may not be 100% correct here, but the removal definitely does not work.)
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
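
The failure mode described in the report, shown as an added C example that is not ModSecurity's own code. It assumes the internal conversion behaves like atoi(); the function names and the sample rule IDs are constructed for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Strict parse: digits only, no overflow. Returns 1 and sets *out on success. */
int parse_rule_id(const char *s, long *out) {
    char *end;
    if (s == NULL || !isdigit((unsigned char)s[0])) return 0; /* blocks "", " 1", "-1" */
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0') return 0;            /* blocks "12abc", overflow */
    *out = v;
    return 1;
}

/* Lenient matching (assumed atoi-style): every non-numeric ID converts to 0,
 * so all of them compare equal to any non-numeric target. */
int removed_lenient(const char *target, const char **ids, size_t n) {
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (atoi(ids[i]) == atoi(target)) hits++;
    return hits;
}

/* Strict matching: a non-numeric target is rejected (-1) instead of matching anything. */
int removed_strict(const char *target, const char **ids, size_t n) {
    long want, have;
    int hits = 0;
    if (!parse_rule_id(target, &want)) return -1;
    for (size_t i = 0; i < n; i++)
        if (parse_rule_id(ids[i], &have) && have == want) hits++;
    return hits;
}

/* Constructed sample rule set, not taken from any real configuration. */
static const char *SAMPLE_IDS[] = { "100", "login-check", "xss_filter", "200" };
#define SAMPLE_COUNT (sizeof SAMPLE_IDS / sizeof SAMPLE_IDS[0])

int main(void) {
    printf("lenient remove login-check: %d\n", removed_lenient("login-check", SAMPLE_IDS, SAMPLE_COUNT));
    printf("strict  remove login-check: %d\n", removed_strict("login-check", SAMPLE_IDS, SAMPLE_COUNT));
    printf("strict  remove 100:         %d\n", removed_strict("100", SAMPLE_IDS, SAMPLE_COUNT));
    return 0;
}
```

With lenient matching, asking to remove one non-numeric ID also removes the unrelated rule "xss_filter", which silently drops protection the operator meant to keep.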