Menu

SQL Security Vulnerability

As you might have noticed, a security bug has been discovered in the way smbind sanitizes HTML input on the login page.

The bug is caused by a bad regex in the filter() function defined in all three version's (normal, view, and slave) include.php.

The fix is as follows:

--- php/src/include.php.orig 2010-09-08 21:14:31.000000000 -0400
+++ php/src/include.php 2010-09-08 21:14:59.000000000 -0400
@@ -93,8 +93,8 @@
}

function filter($type, $str, $empty = "yes") {
- $regex['num'] = "([0-9])";
- $regex['alphanum'] = "([A-Za-z0-9])";
+ $regex['num'] = "(^[0-9]*$)";
+ $regex['alphanum'] = "(^[A-Za-z0-9]*$)";
if(ereg($regex[$type], $str)) {
return true;
}

Posted by blentz 2010-09-09

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.