Package: squirrelmail-lockout
Version: 1.7-2
Severity: important
Tags: patch, security, upstream

This bug is being actively exploited by recent spambots.


--- functions.php.orig  2010-11-04 09:02:13.000000000 +0100
+++ functions.php       2013-12-12 14:17:50.000000000 +0100
@@ -458,8 +458,8 @@
 
             // check for match with hostname, redirect if found
             //
-            if (preg_match('/^' . str_replace(array('?', '*'), array('\w{1}', 
'.*?'), 
-                          strtoupper($matches[1])) . '$/', 
strtoupper($usersDomain)))
+            if (preg_match('/^\s*' . str_replace(array('?', '*'), 
array('\w{1}', '.*?'), 
+                          strtoupper($matches[1])) . '\s*$/', 
strtoupper($usersDomain)))
             {
                fclose($LOCKOUTTABLE);
                if ($reverseLockout)
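Review bot: The lockout-table entry in `$matches[1]` is still spliced into the pattern without `preg_quote()`, so in this condition a `.` in a domain entry matches any character and a `/` in an entry would end the pattern early; the added `\s*` only deals with surrounding whitespace. Quoting first and then translating the escaped wildcards keeps the rest of the entry literal: `str_replace(array('\?', '\*'), array('\w{1}', '.*?'), preg_quote(strtoupper($matches[1]), '/'))`. The same construction is repeated in the hunks at -481 and -504 for `$host` and `$user`, so the change applies to all three. Over-matching matters most if `$reverseLockout` turns the table into an allow list, which the name suggests but the hunk does not show. The enclosing loop and function begin and end outside the hunk.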
@@ -481,8 +481,8 @@
 
             // check for match with hostname, redirect if found
             //
-            if (preg_match('/^' . str_replace(array('?', '*'), array('\w{1}', 
'.*?'), 
-                          strtoupper($matches[1])) . '$/', strtoupper($host)))
+            if (preg_match('/^\s*' . str_replace(array('?', '*'), 
array('\w{1}', '.*?'), 
+                          strtoupper($matches[1])) . '\s*$/', 
strtoupper($host)))
             {
                fclose($LOCKOUTTABLE);
                if ($reverseLockout)
@@ -504,8 +504,8 @@
 
             // check for match with username, redirect if found
             //
-            if (preg_match('/^' . str_replace(array('?', '*'), array('\w{1}', 
'.*?'), 
-                          strtoupper($matches[1])) . '$/', strtoupper($user)))
+            if (preg_match('/^\s*' . str_replace(array('?', '*'), 
array('\w{1}', '.*?'), 
+                          strtoupper($matches[1])) . '\s*$/', 
strtoupper($user)))
             {
                fclose($LOCKOUTTABLE);
                if ($reverseLockout)
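Review bot: The comment above this condition still reads only "check for match with username", so nothing records why the pattern now accepts surrounding whitespace. A line such as `// allow leading/trailing whitespace so a padded value cannot slip past the table entry` above the `preg_match` would keep a later cleanup from dropping the `\s*` again; the same applies to the domain and host checks in the two earlier hunks. The reason is inferred from the pattern change and the report text, so the author should confirm the wording.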

