[Chameleon-dev] [Bug 373] [Chameleon]Use of "Query" widget generates a PHP fatal error

bugzilla-daemon at www.maptools.org bugzilla-daemon at www.maptools.org
Tue May 18 16:15:25 EDT 2004


http://www.maptools.org/bugzilla/show_bug.cgi?id=373

pspencer at dmsolutions.ca changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED



------- Additional Comments From pspencer at dmsolutions.ca  2004-05-18 16:15 -------
fix applied to php_utils/src/session/session.php.  The code now explicitly tests
to see if the app was started from 127.0.0.1 and won't refuse to open the
session if the ipadress is different.  I assume that this does open a security
hole for hackers that try to steal sessions from people who are accessing apps
running on localhost, but in general this should not be the case on servers and
should only happen to people who are testing before deploying.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


More information about the Chameleon-dev mailing list