https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37893
--- Comment #24 from David Cook <dc...@prosentient.com.au> --- (In reply to Pedro Amorim from comment #22) > Magnus and David, please take a look at this commit when you have the chance: > https://github.com/openfifth/koha/commit/ > a0a003a5aaec12ac8103c3b4512478ddda1fbb8b Looking at this again, I think you've got a typo for the $addr? You're trying to put the port into that variable? Even with that validation, the user would still be able to define any non-privileged port and any IPv4 address. (Note that the validation would prevent IPv6 addresses.) -- Just to reiterate... I'm not worried about web users being able to successfully bind to an IP address and port. I'm worried about them binding to addresses and ports that they shouldn't. (Of course, a workaround for that could be to have address and port limits in koha-conf.xml with some sensible defaults. Like a limit on ports 6000-6999 although limits on IP address could be trickier because of differing setups.) -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/