php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #62753 proxy_test.php
Submitted: 2012-08-05 16:53 UTC Modified: 2012-08-06 01:13 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: admin at angosso dot net Assigned:
Status: Not a bug Package: Built-in web server
PHP Version: 5.3.15 OS: Migration Localhost->_Server
Private report: No CVE-ID: None
 [2012-08-05 16:53 UTC] admin at angosso dot net
Description:
------------
User Agent: Mozilla/5.0 (Windows NT 6.0; rv:14.0) Gecko/20100101 Firefox/14.0.1
Build ID: 20120713134347

Steps to reproduce:

user_pref("capability.policy.policynames", "strict");
   user_pref("capability.policy.strict.sites", "http://www.hosting24.com http://www.srv47.hosting24.com");
   user_pref("capability.policy.strict.Window.alert", "noAccess");
   user_pref("capability.policy.strict.Window.confirm", "noAccess");
   user_pref("capability.policy.strict.Window.prompt", "noAccess");


Test script:
---------------
"v=spf1 +a +mx +ip4:212.1.208.183 +a:srv47.hosting24.com +mx:mail.angosso.net +mx:srv47.hosting24.com +include:angosso.net ?all"

Expected result:
----------------
function _parse_uri()
     
     
    function _redirect( $uri ) {
    $location = $this->_parse_location( $uri );
    if ( $location['host'] != $this->host || $location['port'] != $this->port ) {
    $this->host = $location['host'];
    $this->port = $location['port'];
    if ( !$this->_use_proxy) $this->disconnect();
    }
    usleep( 100 );
    $this->get( $location['request_file'] . '?' . $location['query_string'] );
foreach( $this->cookies as $cookie_name => $cookie_data ) {
    if ($cookie_data['expires'] > $none) {
    $new_cookies[$cookie_name] = $cookie_data;
    $domain = preg_quote( $cookie_data['angosso.net'] );
    $path = preg_quote( $cookie_data['/home/angosson/public_html/www'] );
    if ( preg_match( "'.*$domain$'i", $current_domain ) && preg_match( "'^$path.*'i", $current_path ) )
    $cookie_str .= $cookie_name . '=' . $cookie_data['http://www.angosso.net/pub-page/economie.php'] . '; ';
    }
    }

Actual result:
--------------
Vulnerability


Patches

multipart_post_test.php (last revision 2012-08-05 16:56 UTC by admin at angosso dot net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-08-06 01:13 UTC] aharvey@php.net
I'm sorry, but this is gibberish. I don't know what an SPF record has to do with anything, there's no description of the "vulnerability", and it doesn't seem like it's a PHP side issue regardless if you're setting browser settings.
 [2012-08-06 01:13 UTC] aharvey@php.net
-Status: Open +Status: Not a bug
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat May 25 15:01:27 2019 UTC