whitelist.inc.php error whitelists everyone?

**gotMoxie** · 11-05-2009 04:16 PM

Installed Bad Behaviour to try to stop some subscription spam but think I found a bug in the code which makes the plugin whitelist all urls that are not listed in the whitelist url parameter.

From whitelist.inc.php:

PHP Code:


    if (!empty($bb2_whitelist_urls)) {

        $request_uri = substr($settings['request_uri'], 0, strpos($settings['request_uri'], "?"));

        foreach ($bb2_whitelist_urls as $url) {

            if (!strcmp($request_uri, $url)) return true;

        }

    }

Isn't this code saying that if the url and the whitlist url DON'T match then return true? Returning true indicates a whitelist situation and none of the other checks will be performed.

By changing this one line:

PHP Code:


    if (!strcmp($request_uri, $url)) return true;

to

PHP Code:


    if (strcmp($request_uri, $url)) return true;

Should solve the issue.

This seems to be in the latest Bad Behavior code.

Can someone check me on that?

**gotMoxie** · 11-05-2009 05:24 PM

Found the issue. Ignore the above code.

Here is the corrected code:

PHP Code:


    if (!empty($bb2_whitelist_urls)) {

        if(strpos($package['request_uri'], "?") === false) {

            $request_uri = $package['request_uri'];

        } else {

            $request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));

        }

        foreach ($bb2_whitelist_urls as $url) {

            if (!strcmp($request_uri, $url)) return true;

        }

    }

In the code from 1.13, the code is trying to get the request_uri value from the $settings array but it is in the $package array.
Also, the substr function is always returning "" if ? is not in the url i.e., SEF is on.

**michiel_1981** · 11-06-2009 04:57 AM

I have updated repository to 2.0.32, I release a fixed version later today.
Further more I will check the SEF issue and report back.

Kind regards,
Michiel

ps: Joomla! needs a test suite.

**michiel_1981** · 11-12-2009 12:49 PM

Fixed in svn, release will follow.

Michiel

**vikrampareek** · 07-15-2010 09:09 AM

I really got here an awesome information and I am also looking for same thing.Through your post i have clear vision about my quires Thanks for the post.
bike authorized dealers

**mallanna142** · 07-28-2010 09:06 AM

Hi

It is useful to many ways and it is good

regards

phe9oxis

Thread: whitelist.inc.php error whitelists everyone?

Thread Tools

whitelist.inc.php error whitelists everyone?

Re: whitelist.inc.php error whitelists everyone?

Re: whitelist.inc.php error whitelists everyone?

Re: whitelist.inc.php error whitelists everyone?

Re: whitelist.inc.php error whitelists everyone?

Re: whitelist.inc.php error whitelists everyone?

Posting Permissions