PhpDig.net

PhpDig.net (http://www.phpdig.net/forum/index.php)
-   Mod Submissions (http://www.phpdig.net/forum/forumdisplay.php?f=24)
-   -   phpdigSessionRemove() fix (http://www.phpdig.net/forum/showthread.php?t=2770)

zas 05-14-2007 06:09 AM
phpdigSessionRemove() fix
 
In 1.8.8 version, define('PHPDIG_SESSID_VAR','PHPSESSID,s,from');
do not cause "from=_test_" to be stripped from url, but only "from=", that's a bug.
It's because '_' is not part of characters matched by ereg_replace() in phpdigSessionRemoveIt() defined in file robot_functions.php.

$what is not escaped before being concatenated to regexp, this is another potential issue, especially if a variable name contains a dot.
define(''PHPDIG_SESSID_VAR','PHPSESSID,d.c') will cause "doc=xxx' to be stripped for url.

Matching & doesn't make sense to me (& should be escaped if found in value isn't it ?).

I modified phpdigSessionRemoveIt() like this:

Code:
function phpdigSessionRemoveIt($what,$eval) {
    $eval = preg_replace('/([?&])'.preg_quote(trim($what)).'=[^&]*/','$1',$eval);
    $eval = str_replace('&&','&',$eval);
    $eval = eregi_replace('[?][&]','?',$eval);
    $eval = eregi_replace('&$','',$eval);
    $eval = ereg_replace('[?]$','',$eval); // remove trailing question mark
    return $eval;
}
It works for me.


All times are GMT -8. The time now is 10:54 AM.

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
Copyright © 2001 - 2005, ThinkDing LLC. All Rights Reserved.