[Chameleon-dev] [Bug 373] [Chameleon]Use of "Query" widget
generates a PHP fatal error
bugzilla-daemon at www.maptools.org
bugzilla-daemon at www.maptools.org
Tue May 18 16:15:25 EDT 2004
http://www.maptools.org/bugzilla/show_bug.cgi?id=373
pspencer at dmsolutions.ca changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From pspencer at dmsolutions.ca 2004-05-18 16:15 -------
fix applied to php_utils/src/session/session.php. The code now explicitly tests
to see if the app was started from 127.0.0.1 and won't refuse to open the
session if the ipadress is different. I assume that this does open a security
hole for hackers that try to steal sessions from people who are accessing apps
running on localhost, but in general this should not be the case on servers and
should only happen to people who are testing before deploying.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the Chameleon-dev
mailing list