Modules

Netquery 3.11 - Vulnerability Bugfix

RVirtue  02-Aug-2005 17:08 6291 Reads   1 comment 
The Netquery v3.11 bugfix is especially important for those sites where Netquery's local ping and/or local traceroute operations are enabled. For those who may prefer manual application of their own patch, user input for both of those operations is now fully "sanitized" the by using the following function:

function sanitizeSysString($string$min ''$max '')
{
  
$pattern '/(;|||`|>|<|&|^|"|'."n|r|'".'|{|}|[|]|)|()/i';
  
$string preg_replace($pattern''$string);
  
$string '"'.preg_replace('/$/''\$'$string).'"';
  
$len strlen($string);
  if(((
$min != '') && ($len $min)) || (($max != '') && ($len $max)))
    return 
FALSE;
  return 
$string;
}

Netquery links: Downloads | Manual | Live Demo | Forums
Rating 0/5
Rating: 0/5 (0 votes)
Voting is disabled!


Login

Who's Online

170 user(s) are online (3 user(s) are browsing Publisher)


Members: 0


Guests: 170


more...

Donat-O-Meter

Stats
Goal: AU$15.00
Due Date: Jul 31
Gross Amount: AU$0.00
Net Balance: AU$0.00
Left to go: AU$15.00
Make donations with PayPal!

Latest GitHub Commits

Categories