From: admin at angosso dot net
Operating system: Migration Localhost->_Server
PHP version: 5.3.15
Package: Built-in web server
Bug Type: Bug
Bug description:proxy_test.php
Description:
User Agent: Mozilla/5.0 (Windows NT 6.0; rv:14.0) Gecko/20100101
Firefox/14.0.1
Build ID: 20120713134347
Steps to reproduce:
user_pref("capability.policy.policynames", "strict");
user_pref("capability.policy.strict.sites", "http://www.hosting24.com
http://www.srv47.hosting24.com";);
user_pref("capability.policy.strict.Window.alert", "noAccess");
user_pref("capability.policy.strict.Window.confirm", "noAccess");
user_pref("capability.policy.strict.Window.prompt", "noAccess");
Test script:
---
"v=spf1 +a +mx +ip4:212.1.208.183 +a:srv47.hosting24.com
+mx:mail.angosso.net +mx:srv47.hosting24.com +include:angosso.net ?all"
Expected result:
function _parse_uri()
function _redirect( $uri ) {
$location = $this->_parse_location( $uri );
if ( $location['host'] != $this->host || $location['port'] !=
$this->port ) {
$this->host = $location['host'];
$this->port = $location['port'];
if ( !$this->_use_proxy) $this->disconnect();
}
usleep( 100 );
$this->get( $location['request_file'] . '?' . $location['query_string']
);
foreach( $this->cookies as $cookie_name => $cookie_data ) {
if ($cookie_data['expires'] > $none) {
$new_cookies[$cookie_name] = $cookie_data;
$domain = preg_quote( $cookie_data['angosso.net'] );
$path = preg_quote( $cookie_data['/home/angosson/public_html/www'] );
if ( preg_match( "'.*$domain$'i", $current_domain ) && preg_match(
"'^$path.*'i", $current_path ) )
$cookie_str .= $cookie_name . '=' .
$cookie_data['http://www.angosso.net/pub-page/economie.php'] . '; ';
}
}
Actual result:
--
Vulnerability
--
Edit bug report at https://bugs.php.net/bug.php?id=62753&edit=1
--
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=62753&r=trysnapshot54
Try a snapshot (PHP 5.3):
https://bugs.php.net/fix.php?id=62753&r=trysnapshot53
Try a snapshot (trunk):
https://bugs.php.net/fix.php?id=62753&r=trysnapshottrunk
Fixed in SVN:
https://bugs.php.net/fix.php?id=62753&r=fixed
Fixed in SVN and need be documented:
https://bugs.php.net/fix.php?id=62753&r=needdocs
Fixed in release:
https://bugs.php.net/fix.php?id=62753&r=alreadyfixed
Need backtrace:
https://bugs.php.net/fix.php?id=62753&r=needtrace
Need Reproduce Script:
https://bugs.php.net/fix.php?id=62753&r=needscript
Try newer version:
https://bugs.php.net/fix.php?id=62753&r=oldversion
Not developer issue:
https://bugs.php.net/fix.php?id=62753&r=support
Expected behavior:
https://bugs.php.net/fix.php?id=62753&r=notwrong
Not enough info:
https://bugs.php.net/fix.php?id=62753&r=notenoughinfo
Submitted twice:
https://bugs.php.net/fix.php?id=62753&r=submittedtwice
register_globals:
https://bugs.php.net/fix.php?id=62753&r=globals
PHP 4 support discontinued:
https://bugs.php.net/fix.php?id=62753&r=php4
Daylight Savings:https://bugs.php.net/fix.php?id=62753&r=dst
IIS Stability:
https://bugs.php.net/fix.php?id=62753&r=isapi
Install GNU Sed:
https://bugs.php.net/fix.php?id=62753&r=gnused
Floating point limitations:
https://bugs.php.net/fix.php?id=62753&r=float
No Zend Extensions:
https://bugs.php.net/fix.php?id=62753&r=nozend
MySQL Configuration Error:
https://bugs.php.net/fix.php?id=62753&r=mysqlcfg