PhpDig.net

05-14-2007, 06:09 AM   #1
zas
phpdigSessionRemove() fix

In version 1.8.8, define('PHPDIG_SESSID_VAR','PHPSESSID,s,from');
does not cause "from=_test_" to be stripped from the URL, but only "from="; that's a bug.
It's because '_' is not among the characters matched by ereg_replace() in phpdigSessionRemoveIt(), defined in the file robot_functions.php.

$what is not escaped before being concatenated into the regexp; this is another potential issue, especially if a variable name contains a dot.
define('PHPDIG_SESSID_VAR','PHPSESSID,d.c') will cause "doc=xxx" to be stripped from the URL.

Matching & doesn't make sense to me (& should be escaped if found in a value, shouldn't it?).

I modified phpdigSessionRemoveIt() like this:

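Code:
function phpdigSessionRemoveIt($what,$eval) {
    // escape the variable name (and the '/' delimiter) before building the regexp
    $eval = preg_replace('/([?&])'.preg_quote(trim($what),'/').'=[^&]*/','$1',$eval);
    $eval = str_replace('&&','&',$eval); // collapse the doubled separator
    // ereg*() was removed in PHP 7.0, so the remaining cleanups use str_replace()/preg_replace()
    $eval = str_replace('?&','?',$eval);
    $eval = preg_replace('/&$/','',$eval); // remove trailing ampersand
    $eval = preg_replace('/[?]$/','',$eval); // remove trailing question mark
    return $eval;
}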
It works for me.
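
The two failure cases described in the post, reproduced side by side as an added example (not PhpDig's code and not the poster's). `strip_param_unescaped` is a hypothetical stand-in for the behaviour the post reports, with an assumed value character class that lacks '_'; `strip_param_quoted` and the sample URLs are likewise constructed for illustration.

```php
<?php
// Added example, not PhpDig code. Both functions are hypothetical stand-ins.

// Models the two defects described in the post: the name is concatenated
// unescaped, and the value class (assumed here) does not include '_'.
function strip_param_unescaped(string $name, string $url): string {
    return preg_replace('/([?&])' . trim($name) . '=[a-zA-Z0-9]*/', '$1', $url);
}

// Escapes the name (including the '/' delimiter), consumes the value up to
// the next '&', then tidies the separators left behind.
function strip_param_quoted(string $name, string $url): string {
    $url = preg_replace('/([?&])' . preg_quote(trim($name), '/') . '=[^&]*/', '$1', $url);
    $url = preg_replace('/&{2,}/', '&', $url);   // "a=1&&b=2" -> "a=1&b=2"
    $url = str_replace('?&', '?', $url);         // "?&b=2"    -> "?b=2"
    return rtrim($url, '?&');                    // drop a trailing '&' or '?'
}

// Constructed cases: [variable name, input URL, expected result].
$cases = [
    ['from', 'page.php?from=_test_&id=7', 'page.php?id=7'],
    ['d.c',  'page.php?doc=xxx&id=7',     'page.php?doc=xxx&id=7'], // must not match "doc"
    ['d.c',  'page.php?id=7&d.c=1',       'page.php?id=7'],         // literal dot still matches
    ['s',    'page.php?s=abc',            'page.php'],
];

foreach ($cases as [$name, $url, $expected]) {
    $bad  = strip_param_unescaped($name, $url);
    $good = strip_param_quoted($name, $url);
    printf("%-5s %-28s unescaped=%-24s quoted=%s\n", $name, $url, $bad, $good);
    if ($good !== $expected) {
        throw new RuntimeException("unexpected result for $url: $good");
    }
}
```

The unescaped variant leaves `_test_` behind in the first case and strips the unrelated `doc=xxx` parameter in the second; the quoted variant handles both.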