PhpDig.net


Edomondo 11-23-2004 05:52 AM

Bug with PHPDIG_SESSID_VAR?
 
It seems that the session ID remover has a small bug.

With the original configuration:
define('PHPDIG_SESSID_VAR','PHPSESSID,s');
every variable passed in the URL ending with one value of PHPDIG_SESSID_VAR is disregarded.

I had a problem with index.php?series=001 turned into index.php?serie.

Where is the function that uses PHPDIG_SESSID_VAR? :chicken:

indeh 11-30-2004 08:56 AM

I can confirm this bug. The function is phpdigSessionRemoveIt in robot_functions.php (line 1776):

PHP Code:

function phpdigSessionRemoveIt($what,$eval) {
    $what = trim($what);
    // strip "name=value" for the session variable; the name is not anchored to ? or &
    $eval = ereg_replace($what.'=[a-zA-Z0-9.,;=/-]*','',$eval);
    // tidy up separators left behind by the removal
    $eval = str_replace("&&","&",$eval);
    $eval = str_replace("?&","?",$eval);
    $eval = eregi_replace("&$","",$eval);
    $eval = str_replace("&&","&",$eval);
    $eval = eregi_replace("[?][&]","?",$eval);
    $eval = eregi_replace("&$","",$eval);
    $eval = ereg_replace("[?]$","",$eval); // remove trailing question mark
    return $eval;
}


My regex skills are kind of rusty at the moment, but shouldn't the second line of the function be something more like:

PHP Code:

    $eval = ereg_replace('([?&])'.$what.'=[a-zA-Z0-9.,;=/-]*','\\1',$eval);
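
An added example, not part of the original thread and not PhpDig's code: it reproduces the over-match with the unanchored pattern (using preg_replace, since the ereg functions were removed in PHP 7) and compares it with removing only parameters whose full name is listed in PHPDIG_SESSID_VAR. The function names and sample URLs are constructed for illustration.

```php
<?php
// Added example; function names are hypothetical, not PhpDig's.

// First replacement of the quoted function, unanchored (preg_ instead of ereg_).
function strip_unanchored(string $name, string $url): string {
    return preg_replace('~' . preg_quote($name, '~') . '=[a-zA-Z0-9.,;=/-]*~', '', $url);
}

// Remove only query parameters whose complete name is in the comma-separated list.
function strip_session_params(string $names, string $url): string {
    $drop = array_map('trim', explode(',', $names));
    // Set the fragment aside so it is never treated as part of the query.
    $fragment = '';
    if (($h = strpos($url, '#')) !== false) {
        $fragment = substr($url, $h);
        $url = substr($url, 0, $h);
    }
    $q = strpos($url, '?');
    if ($q === false) {
        return $url . $fragment;
    }
    $base = substr($url, 0, $q);
    $kept = [];
    foreach (explode('&', substr($url, $q + 1)) as $pair) {
        if ($pair === '') continue;          // skip empty segments such as "&&"
        $key = explode('=', $pair, 2)[0];    // parameter name without its value
        if (!in_array($key, $drop, true)) {  // exact name match, not a suffix match
            $kept[] = $pair;
        }
    }
    return $base . ($kept ? '?' . implode('&', $kept) : '') . $fragment;
}

// Constructed sample URLs.
$samples = [
    'index.php?series=001',
    'index.php?s=abc123&page=2',
    'index.php?page=2&PHPSESSID=0af3',
    'index.php?news=1&s=abc123',
];
foreach ($samples as $url) {
    printf("%-34s unanchored: %-26s exact: %s\n", $url,
        strip_unanchored('s', $url), strip_session_params('PHPSESSID,s', $url));
}
```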


