Changeset 1499

Timestamp:
02/19/08 23:18:27 (6 months ago)
Author:
Rickard
Message:

Fixed XSS vulnerability involving the get_host parameter. Reported by Dante90.

Files:

  • trunk/upload/moderate.php

    r941 r1499  
    3636 
    3737        // Is get_host an IP address or a post ID? 
    38         if (@preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $_GET['get_host'])) 
     38        if (@preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $_GET['get_host'])) 
    3939                $ip = $_GET['get_host']; 
    4040        else
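Review bot: on new line 38, the `$` anchor without the `D` modifier still matches just before a trailing newline, so a value such as "1.2.3.4\n" passes the check and is assigned to `$ip` on line 39; use `\z` in place of `$` (or add the `D` modifier) if only a bare dotted quad should be accepted. The pattern also accepts octets above 255 (for example 999.999.999.999), and the `@` in front of `preg_match` hides the notice or warning raised when `get_host` is missing or arrives as an array, so an explicit `isset()` and `is_string()` check before the match would be clearer than error suppression. What the `else` branch does with a non-matching value is not visible in this hunk, so it is worth confirming that `get_host` is escaped wherever it is later written to the page.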