ports/66150: [PATCH] SECURITY UPDATE ports/www/phpbb for IP spoofing vulnerablity

Xin LI delphij at frontfree.net
Sat May 1 18:20:12 UTC 2004

The following reply was made to PR ports/66150; it has been noted by GNATS.

From: Xin LI <delphij at frontfree.net>
To: FreeBSD-gnats-submit at FreeBSD.org
Cc: vuxml at FreeBSD.org, Kang LIU <liukang at bjut.edu.cn>,
	portmgr at FreeBSD.org
Subject: Re: ports/66150: [PATCH] SECURITY UPDATE ports/www/phpbb for IP spoofing vulnerablity
Date: Sun, 2 May 2004 02:10:52 +0800

 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 Oops, forgot the attachment, it should be:
 Index: includes/sessions.php
 RCS file: /cvsroot/phpbb/phpBB2/includes/Attic/sessions.php,v
 retrieving revision
 diff -u -r1.58.2.10 sessions.php
 --- includes/sessions.php	5 Apr 2003 12:04:33 -0000
 +++ includes/sessions.php	17 Apr 2004 07:48:20 -0000
 @@ -147,7 +147,7 @@
  		$sql =3D "INSERT INTO " . SESSIONS_TABLE . "
  			(session_id, session_user_id, session_start, session_time, session_ip, =
 session_page, session_logged_in)
  			VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_i=
 p', $page_id, $login)";
 -		if ( !$db->sql_query($sql) )
 +		if ( $user_id !=3D ANONYMOUS && !$db->sql_query($sql) )
  			message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__,=
  __FILE__, $sql);
 @@ -380,4 +380,4 @@
  	return $url;
 \ No newline at end of file
 Xin LI <delphij frontfree net>	http://www.delphij.net/
 See complete headers for GPG key and other information.
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 Version: GnuPG v1.2.4 (FreeBSD)

More information about the freebsd-ports-bugs mailing list