PhpDig.net

Old 05-14-2007, 07:09 AM   #1
zas
phpdigSessionRemove() fix

In version 1.8.8, define('PHPDIG_SESSID_VAR','PHPSESSID,s,from');
does not cause "from=_test_" to be stripped from the URL, but only "from="; that's a bug.
It's because '_' is not among the characters matched by ereg_replace() in phpdigSessionRemoveIt(), defined in the file robot_functions.php.

$what is not escaped before being concatenated to the regexp; this is another potential issue, especially if a variable name contains a dot.
define('PHPDIG_SESSID_VAR','PHPSESSID,d.c') will cause "doc=xxx" to be stripped from the URL.

Matching & doesn't make sense to me (& should be escaped if found in a value, shouldn't it?).

I modified phpdigSessionRemoveIt() like this:

Code:
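function phpdigSessionRemoveIt($what,$eval) {
    // quote $what (and the '/' delimiter) so it is matched literally; the value runs to the next '&'
    $eval = preg_replace('/([?&])'.preg_quote(trim($what),'/').'=[^&]*/','$1',$eval);
    $eval = str_replace('&&','&',$eval); // collapse the doubled separator left behind
    $eval = preg_replace('/[?][&]/','?',$eval); // preg_* in place of ereg*, which PHP 7 removed
    $eval = preg_replace('/&$/','',$eval); // remove trailing ampersand
    $eval = preg_replace('/[?]$/','',$eval); // remove trailing question mark
    return $eval;
}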
It works for me.
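The two failure modes described in the post above, as an added example (not part of the original post and not PhpDig's code). `strip_naive()` is a constructed stand-in with an assumed character class, `strip_quoted()` follows the approach of the posted fix, and the URL and all function names are made up for illustration.

```php
<?php
// Added example, not PhpDig code. strip_naive() is a constructed stand-in that
// only reproduces the two flaws described in the post; its character class is
// an assumption, not the pattern from robot_functions.php.

// Flaw 1: $name is interpolated unescaped, so "." matches any character.
// Flaw 2: the value class lacks "_", so the match ends at the first underscore.
function strip_naive(string $name, string $url): string {
    return preg_replace('/([?&])' . $name . '=[a-zA-Z0-9]*/', '$1', $url);
}

// Name quoted as a literal (delimiter included); value runs to the next "&".
function strip_quoted(string $name, string $url): string {
    $url = preg_replace('/([?&])' . preg_quote($name, '/') . '=[^&]*/', '$1', $url);
    $url = preg_replace('/&{2,}/', '&', $url);   // collapse runs of "&"
    $url = str_replace('?&', '?', $url);          // "?&a=1" -> "?a=1"
    return preg_replace('/[?&]$/', '', $url);     // drop a dangling "?" or "&"
}

// Parameter names in the query string, split by hand because parse_str()
// rewrites "." in names to "_".
function param_names(string $url): array {
    $names = [];
    foreach (explode('&', (string) parse_url($url, PHP_URL_QUERY)) as $pair) {
        if ($pair !== '') {
            $names[] = explode('=', $pair, 2)[0];
        }
    }
    return $names;
}

$url = 'http://example.test/page.php?doc=manual&d.c=1&from=_test_'; // constructed
foreach (['d.c', 'from'] as $name) {
    foreach (['strip_naive', 'strip_quoted'] as $fn) {
        $out    = $fn($name, $url);
        $before = param_names($url);
        $after  = param_names($out);
        // Names that vanished besides the requested one, and names that appeared.
        $lost  = array_diff($before, $after, [$name]);
        $stray = array_diff($after, $before);
        printf("%-12s %-4s => %s\n", $fn, $name, $out);
        if ($lost)  { echo "    also removed: ", implode(', ', $lost), "\n"; }
        if ($stray) { echo "    left behind:  ", implode(', ', $stray), "\n"; }
    }
}
```

Comparing parameter names before and after stripping makes a quick regression check for any session-variable list: a clean run reports nothing under "also removed" or "left behind".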