misc/71475: ACID (snort DB) detects versions incorrectly for
PHP > v5.x
Ceri Davies
ceri at FreeBSD.org
Wed Sep 8 03:50:26 PDT 2004
The following reply was made to PR ports/71475; it has been noted by GNATS.
From: Ceri Davies <ceri at FreeBSD.org>
To: "David A. Koran" <dak at solo.net>
Cc: freebsd-gnats-submit at FreeBSD.org
Subject: Re: misc/71475: ACID (snort DB) detects versions incorrectly for PHP > v5.x
Date: Wed, 8 Sep 2004 11:47:19 +0100
On Tue, Sep 07, 2004 at 09:22:05PM +0000, David A. Koran wrote:
>
> >Description:
> in "acid_db_common.php" the detection routines for PHP versions are incorrect and need to revised.
>
>
> ----[section of code in question]----
>
> function verify_php_build($DBtype)
> /* Checks whether the necessary libraries is built into PHP */
> {
> /* Check PHP version >= 4.0.4 */
> $current_php_version = phpversion();
> $version = explode(".", $current_php_version);
>
> /* account for x.x.xXX subversions possibly having text like 4.0.4pl1 */
> if ( is_numeric(substr($version[2], 1, 1)) )
> $version[2] = substr($version[2], 0, 2);
> else
> $version[2] = substr($version[2], 0, 1);
>
> /* only version PHP 4.0.4+ or 4.1+.* are valid */
> if ( !( ($version[0] >= 4) && ( ( ($version[1] == 0) && ($version[2] >= 4) ) ||
> ($version[1] > 0) ) ) )
> {
> return "<FONT COLOR=\"#FF0000\">PHP ERROR</FONT>: ".
> "<B>Incompatible version</B>: <FONT>Version ".$current_php_version.
> " of PHP is too old. Please upgrade to version 4.0.4 or later</FONT>";
> }
>
> >How-To-Repeat:
> Try to configure ACID with a stock install of PHP5 on Apache 1.3
> >Fix:
> I belive the problem lies within this comparison operator:
>
> if ( !( ($version[0] >= 4) && ( ( ($version[1] == 0) && ($version[2] >= 4) ) ||
> ($version[1] > 0) ) ) )
This sounds like a fault with the code of the application rather than
FreeBSD; could you report it to the author of the software if that's the
case? The fix will then get pulled in with the next update of the port.
Ceri
--
It is not tinfoil, it is my new skin. I am a robot.
More information about the freebsd-bugs
mailing list