[pLog-svn] r7202 - plog/branches/lifetype-1.2/class/net

jondaley at devel.lifetype.net jondaley at devel.lifetype.net
Thu Apr 25 06:04:21 EDT 2013


Author: jondaley
Date: 2013-04-25 06:04:21 -0400 (Thu, 25 Apr 2013)
New Revision: 7202

Modified:
   plog/branches/lifetype-1.2/class/net/dns.class.php
Log:
replace deprecated eregi with preg_match, and remove potential security issue by escaping the hostname before passing it to shell functions, and the preg_match check.  This happens to not be a security issue in the current lifetype, because the one place this function is used, the hostname is cleaned up prior to calling this function, but better to be safe, in case some caller is less careful in the future

Modified: plog/branches/lifetype-1.2/class/net/dns.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/net/dns.class.php	2013-04-25 09:16:05 UTC (rev 7201)
+++ plog/branches/lifetype-1.2/class/net/dns.class.php	2013-04-25 10:04:21 UTC (rev 7202)
@@ -16,7 +16,8 @@
 
     	/**
          * Static function that acts as a wrapper for the native checkdnsrr function. It first detects
-         * wether we're running in Windows or not and then uses the native version or the alternative one.
+         * whether we're running in Windows or not and then uses the native version or the alternative one.
+         * This can be removed once we only support PHP 5.3.0+
          *
          * For more information:          http://hk2.php.net/checkdnsrr
          *
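
Review bot: the added line "This can be removed once we only support PHP 5.3.0+" does not say what "This" refers to or why 5.3.0 is the cutoff. Name the piece to drop (the wrapper, the Windows fallback, or both) and give the reason, so whoever raises the minimum PHP version knows what to delete.
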
@@ -56,11 +57,10 @@
         function checkdnsrr_windows( $host, $type = "MX" )
         {
         	if( !empty( $host ) ) {
-            	@exec( "nslookup -type=$type $host", $output );
-
+            	@exec( "nslookup -type=$type ".escapeshellarg($host), $output );
                 while( list( $k, $line ) = each( $output ) ) {
                 	// Valid records begin with host name:
-                    if( eregi( "^$host", $line ) ) {
+                    if( preg_match( "/^Name:\s+".str_replace("/", "\\/", $host)."/i", $line ) ) {
                     	// record found:
                         return true;
                     }
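
Review bot: in the exec() line, $type is still interpolated into the shell command unescaped ("nslookup -type=$type "), so only the hostname half of the command line is protected. Check $type against a fixed list of record types, or escape it as well, before building the command. In the preg_match() line, str_replace("/", "\\/", $host) escapes only the delimiter, so dots and other regex metacharacters in $host keep their special meaning; preg_quote($host, "/") handles the delimiter and the rest in one call. The new pattern also requires a "Name:" prefix, while the unchanged comment above it still says valid records begin with the host name; confirm that nslookup output for the default MX type contains such a line, and update the comment to match the pattern.
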


