View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0004104 | Composr | [All Projects] General / Uncategorised | public | 2020-02-07 16:04 | 2020-02-07 16:54 |
Reporter | Chris Graham | Assigned To | Chris Graham | ||
Severity | Major-bug | ||||
Status | resolved | Resolution | fixed | ||
Product Version | 10.0.30 | ||||
Fixed in Version | |||||
Summary | 0004104: Possible to crash site by banning an invalid IP address | ||||
Description | The IP banning module does try to detect whether IP addresses are valid before banning them. Banning an invalid IP address is catastrophic on Apache because the ban is written into the .htaccess, and Apache will show a 500 error for any invalid IP address in there. Unfortunately, simply putting 2 IP addresses together in sequence passes the Composr 'validity' test. Do full IP address validation. Also trim the ban reasons to keep things tidy. | ||||
Tags | No tags attached. | ||||
Time estimation (hours) | |||||
Sponsorship open | |||||
|
Fixed in git commit 12eddedcc (https://gitlab.com/composr-foundation/composr/commit/12eddedcc - link will become active once code pushed to GitLab) |
Date Modified | Username | Field | Change |
---|---|---|---|
2020-02-07 16:09 | Chris Graham | Description Updated | View Revisions |
2020-02-07 16:54 | Chris Graham | Project | Composr non-bundled addons => Composr |
2023-02-26 18:29 | Chris Graham | Category | General => General / Uncategorised |
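
The failure described in this issue, as an added example (not Composr's code and not the fix in commit 12eddedcc): a loose, unanchored pattern check accepts two addresses run together, while whole-string validation with PHP's `filter_var` rejects them. The function names, the form of the loose check and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not Composr's implementation.

/**
 * Loose check (assumed form): succeeds if the input merely CONTAINS
 * something shaped like a dotted quad. No anchors, no octet range check.
 */
function loose_ip_check(string $ip): bool
{
    return preg_match('/\d{1,3}(\.\d{1,3}){3}/', $ip) === 1;
}

/**
 * Full validation: the entire string must parse as exactly one
 * IPv4 or IPv6 address.
 */
function strict_ip_check(string $ip): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP) !== false;
}

/**
 * Gate to call before a ban is persisted to a web-server config file.
 * Returns the trimmed address when it is valid, or null when the ban
 * must be refused.
 */
function normalise_ban_ip(string $input): ?string
{
    $ip = trim($input);
    return strict_ip_check($ip) ? $ip : null;
}

// Constructed sample inputs (documentation address ranges only).
$samples = [
    '192.0.2.1',               // single valid IPv4
    '2001:db8::1',             // single valid IPv6
    '192.0.2.1198.51.100.7',   // two addresses run together
    '192.0.2.1 198.51.100.7',  // two addresses separated by a space
    '999.0.2.1',               // octet out of range
    "  192.0.2.1\n",           // valid once surrounding whitespace is trimmed
];

foreach ($samples as $s) {
    printf(
        "%-28s loose=%-5s strict_gate=%s\n",
        json_encode($s),
        var_export(loose_ip_check($s), true),
        var_export(normalise_ban_ip($s), true)
    );
}
```

Only a non-null result from `normalise_ban_ip()` should ever reach the file Apache parses; a refused value is reported back to the administrator instead of being written.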