Package: squirrelmail-lockout Version: 1.7-2 Severity: important Tags: patch, security, upstream
This bug is actively utilised by recent spambots.
--- functions.php.orig 2010-11-04 09:02:13.000000000 +0100
+++ functions.php 2013-12-12 14:17:50.000000000 +0100
@@ -458,8 +458,8 @@
 // check for match with hostname, redirect if found
 //
- if (preg_match('/^' . str_replace(array('?', '*'), array('\w{1}', '.*?'),
- strtoupper($matches[1])) . '$/', strtoupper($usersDomain)))
+ if (preg_match('/^\s*' . str_replace(array('?', '*'), array('\w{1}', '.*?'),
+ strtoupper($matches[1])) . '\s*$/', strtoupper($usersDomain)))
 {
 fclose($LOCKOUTTABLE);
 if ($reverseLockout)
@@ -481,8 +481,8 @@
 // check for match with hostname, redirect if found
 //
- if (preg_match('/^' . str_replace(array('?', '*'), array('\w{1}', '.*?'),
- strtoupper($matches[1])) . '$/', strtoupper($host)))
+ if (preg_match('/^\s*' . str_replace(array('?', '*'), array('\w{1}', '.*?'),
+ strtoupper($matches[1])) . '\s*$/', strtoupper($host)))
 {
 fclose($LOCKOUTTABLE);
 if ($reverseLockout)
@@ -504,8 +504,8 @@
 // check for match with username, redirect if found
 //
- if (preg_match('/^' . str_replace(array('?', '*'), array('\w{1}', '.*?'),
- strtoupper($matches[1])) . '$/', strtoupper($user)))
+ if (preg_match('/^\s*' . str_replace(array('?', '*'), array('\w{1}', '.*?'),
+ strtoupper($matches[1])) . '\s*$/', strtoupper($user)))
 {
 fclose($LOCKOUTTABLE);
 if ($reverseLockout)
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
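Review bot: The lockout-table entry `$matches[1]` is still concatenated into the pattern with only `?` and `*` translated, on the added `if (preg_match(` line of the hunk at 458 and identically in the hunks at 481 and 504. Every other regex metacharacter in an entry stays live: the `.` in a hostname or domain rule matches any character, and an entry containing `/` or an unbalanced `(` makes `preg_match` fail, which the `if` treats as no match, so that rule silently stops applying. Quoting the entry before translating the wildcards keeps the intended semantics, e.g. `$pattern = '/^\s*' . str_replace(array('\?', '\*'), array('\w{1}', '.*?'), preg_quote(strtoupper($matches[1]), '/')) . '\s*$/';`. It would also be more robust to normalise `$user`, `$host` and `$usersDomain` with `trim()` once before the three checks instead of widening each pattern, since `\s*` covers only whitespace padding; whether these values are normalised earlier is not visible, because the enclosing function starts and ends outside these hunks.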