misc/71475: ACID (snort DB) detects versions incorrectly for PHP > v5.x

Ceri Davies ceri at FreeBSD.org
Wed Sep 8 03:50:26 PDT 2004 

The following reply was made to PR ports/71475; it has been noted by GNATS.

From: Ceri Davies <ceri at FreeBSD.org>
To: "David A. Koran" <dak at solo.net>
Cc: freebsd-gnats-submit at FreeBSD.org
Subject: Re: misc/71475: ACID (snort DB) detects versions incorrectly for PHP > v5.x
Date: Wed, 8 Sep 2004 11:47:19 +0100

 On Tue, Sep 07, 2004 at 09:22:05PM +0000, David A. Koran wrote:
 > 
 > >Description:
 > in "acid_db_common.php" the detection routines for PHP versions are incorrect and need to revised.
 > 
 > 
 > ----[section of code in question]----
 > 
 > function verify_php_build($DBtype)
 > /* Checks whether the necessary libraries is built into PHP */
 > {
 >   /* Check PHP version >= 4.0.4 */
 >   $current_php_version = phpversion();
 >   $version = explode(".", $current_php_version);
 > 
 >   /* account for x.x.xXX subversions possibly having text like 4.0.4pl1 */
 >   if ( is_numeric(substr($version[2], 1, 1)) )
 >      $version[2] = substr($version[2], 0, 2);
 >   else
 >      $version[2] = substr($version[2], 0, 1);
 > 
 >   /* only version PHP 4.0.4+ or 4.1+.* are valid */
 >   if ( !( ($version[0] >= 4) && ( ( ($version[1] == 0) && ($version[2] >= 4) ) ||
 >                                     ($version[1] > 0)  ) ) )
 >   {
 >      return "<FONT COLOR=\"#FF0000\">PHP ERROR</FONT>: ".
 >             "<B>Incompatible version</B>: <FONT>Version ".$current_php_version.
 >             " of PHP is too old.  Please upgrade to version 4.0.4 or later</FONT>";
 >   }
 > 
 > >How-To-Repeat:
 > Try to configure ACID with a stock install of PHP5 on Apache 1.3
 > >Fix:
 > I belive the problem lies within this comparison operator:
 > 
 > if ( !( ($version[0] >= 4) && ( ( ($version[1] == 0) && ($version[2] >= 4) ) ||
 >                                     ($version[1] > 0)  ) ) )
 
 This sounds like a fault with the code of the application rather than
 FreeBSD; could you report it to the author of the software if that's the
 case?  The fix will then get pulled in with the next update of the port.
 
 Ceri
 -- 
 It is not tinfoil, it is my new skin.  I am a robot.

More information about the freebsd-bugs mailing list