|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2002-12-20 08:30 UTC] entis at poczta dot fm
[2003-01-03 05:57 UTC] mj@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Fri May 09 14:01:27 2025 UTC |
there is dangerous bug in Auth package ! In file \Auth\Container\DB.php In method Auth_Container_DB::fetchData In lines : ... $res = $this->query($query); if (DB::isError($res)) { return PEAR::raiseError($res->code, PEAR_ERROR_DIE); } else { ... compare raiseError definition : function &raiseError($message = null, $code = null, $mode = null, $options = null, $userinfo = null, $error_class = null, $skipmsg = false) code should be second parameter and mode should be third parameter. I check if something go wrong in fetching data from database, this code don't stop program (PEAR_ERROR_DIE isn't in correct place) and user can gain unauthorized access. Solution is very simple : ... $res = $this->query($query); if (DB::isError($res)) { return PEAR::raiseError('',$res->code, PEAR_ERROR_DIE); } else { ... i have also proposition for Auth::login method : replace this line : $login_ok = $this->storage->fetchData($this->username, $this->password); with this line : $login_ok = ($this->storage->fetchData($this->username, $this->password) === TRUE);