ports/66150: [PATCH] SECURITY UPDATE ports/www/phpbb for IP
spoofing vulnerability
Xin LI
delphij at frontfree.net
Sat May 1 11:10:57 PDT 2004
Oops, forgot the attachment, it should be:
Index: includes/sessions.php
===================================================================
RCS file: /cvsroot/phpbb/phpBB2/includes/Attic/sessions.php,v
retrieving revision 1.58.2.10
diff -u -r1.58.2.10 sessions.php
--- includes/sessions.php 5 Apr 2003 12:04:33 -0000 1.58.2.10
+++ includes/sessions.php 17 Apr 2004 07:48:20 -0000
@@ -147,7 +147,7 @@
$sql = "INSERT INTO " . SESSIONS_TABLE . "
(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in)
VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login)";
- if ( !$db->sql_query($sql) )
+ if ( $user_id != ANONYMOUS && !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
}
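Review bot: The changed `if` relies on `&&` short-circuiting to skip the INSERT entirely when `$user_id` is ANONYMOUS, which reads like an error-handling tweak but is a behaviour change: guests get no row in SESSIONS_TABLE and no error is raised. The hunk does not show how later code copes with a missing guest session row, and the statement still interpolates `'$user_ip'` into the SQL for every non-anonymous user, so if the concern is a spoofed `$user_ip` value, it also needs validating where it is set. Suggest an explicit outer `if ( $user_id != ANONYMOUS )` around the query and its error check, with a comment stating why guest sessions are not stored.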
@@ -380,4 +380,4 @@
return $url;
}
-?>
\ No newline at end of file
+?>
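Review bot: The only change in this hunk is adding the missing newline after the closing `?>` at end of file, which is unrelated to the session fix. PHP discards a single newline directly after `?>`, so it is harmless, but it adds noise to a security update; suggest dropping this hunk so the patch contains only the change to the session INSERT.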
--
Xin LI <delphij frontfree net> http://www.delphij.net/
See complete headers for GPG key and other information.