[imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator

Olivier olivier at ablinux.com
Mon May 23 10:58:05 UTC 2011


Hi,

apache 2.2.16
php 5.3.3 *with suhosin*
horde 4.0.3
imp 5.0.3

In my syslog, I have a lot of these messages:
> suhosin[2446]: ALERT - ASCII-NUL chars not allowed within request 
> variables - dropped variable 'view' (attacker 'XXX.XXX.XXX.XXX', file 
> '.../services/ajax.php')
And the search in dimp never responds!

It is the '\0' delimiter char of MAILBOX_PREFIX defined in 
imp/lib/Search.php which is triggered by suhosin. I suggest 
replacing '\0' with '+'. On my server it seems to be ok.

Olivier
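
Added example, not part of the original message or of Horde/IMP code: a simplified Python model of the rule named in the syslog alert (request variables containing an ASCII NUL are dropped), showing what happens to a `view` value built with a `\0` delimiter versus a `+` delimiter. The prefix text `prefix` and mailbox `INBOX` are constructed placeholders, since the post does not show the real MAILBOX_PREFIX value, and the filter function is an assumption about behaviour, not suhosin's implementation.

```python
from urllib.parse import urlencode, parse_qsl


def build_view(delim, prefix="prefix", mailbox="INBOX"):
    # Constructed stand-in for "<search prefix><delimiter><mailbox name>".
    return prefix + delim + mailbox


def nul_filter(query_string):
    """Decode request variables and drop any whose name or value contains
    an ASCII NUL (simplified model of the rule in the alert message)."""
    kept, dropped = {}, []
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        if "\x00" in name or "\x00" in value:
            dropped.append(name)
        else:
            kept[name] = value
    return kept, dropped


def round_trip(delim, encode=True):
    """Return (wire query string, variables the application sees, dropped names)."""
    view = build_view(delim)
    # encode=False models a client that sends the value without percent-encoding.
    qs = urlencode({"view": view}) if encode else "view=" + view
    kept, dropped = nul_filter(qs)
    return qs, kept, dropped


if __name__ == "__main__":
    for label, args in [("NUL delimiter", ("\0",)),
                        ("'+' delimiter, encoded", ("+",)),
                        ("'+' delimiter, sent raw", ("+", False))]:
        qs, kept, dropped = round_trip(*args)
        print(f"{label:26} wire={qs!r} seen={kept!r} dropped={dropped!r}")
```

With the NUL delimiter the application never receives `view` at all, which matches a search request that never completes. The `+` delimiter passes the filter only when it is percent-encoded as `%2B`; sent raw, form decoding turns it into a space and the value no longer matches.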
