https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37893

--- Comment #24 from David Cook <dc...@prosentient.com.au> ---
(In reply to Pedro Amorim from comment #22)
> Magnus and David, please take a look at this commit when you have the chance:
> https://github.com/openfifth/koha/commit/a0a003a5aaec12ac8103c3b4512478ddda1fbb8b

Looking at this again, I think you've got a typo for the $addr? You're trying
to put the port into that variable?

Even with that validation, the user would still be able to define any
non-privileged port and any IPv4 address. (Note that the validation would
prevent IPv6 addresses.)

--

Just to reiterate... I'm not worried about web users being able to successfully
bind to an IP address and port. I'm worried about them binding to addresses and
ports that they shouldn't.

(Of course, a workaround for that could be to have address and port limits in
koha-conf.xml with some sensible defaults. Like a limit on ports 6000-6999
although limits on IP address could be trickier because of differing setups.)
