Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 7 Sep 2004 21:22:05 GMT
From:      "David A. Koran" <dak@solo.net>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/71475: ACID (snort DB) detects versions incorrectly for PHP > v5.x
Message-ID:  <200409072122.i87LM5ag076815@www.freebsd.org>
Resent-Message-ID: <200409072130.i87LUHXE066284@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 


>Number:         71475
>Category:       misc
>Synopsis:       ACID (snort DB) detects versions incorrectly for PHP > v5.x
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 07 21:30:17 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     David A. Koran
>Release:        FreeBSD 4.10-STABLE #6: Sun Aug 29 12:49:29 EDT 2004
>Organization:
SoundtrackNet, LLC
>Environment:
FreeBSD 4.10-STABLE #6: Sun Aug 29 12:49:29 EDT 2004   
>Description:
in "acid_db_common.php" the detection routines for PHP versions are incorrect and need to revised.


----[section of code in question]----

function verify_php_build($DBtype)
/* Checks whether the necessary libraries is built into PHP */
{
  /* Check PHP version >= 4.0.4 */
  $current_php_version = phpversion();
  $version = explode(".", $current_php_version);

  /* account for x.x.xXX subversions possibly having text like 4.0.4pl1 */
  if ( is_numeric(substr($version[2], 1, 1)) )
     $version[2] = substr($version[2], 0, 2);
  else
     $version[2] = substr($version[2], 0, 1);

  /* only version PHP 4.0.4+ or 4.1+.* are valid */
  if ( !( ($version[0] >= 4) && ( ( ($version[1] == 0) && ($version[2] >= 4) ) ||
                                    ($version[1] > 0)  ) ) )
  {
     return "<FONT COLOR=\"#FF0000\">PHP ERROR</FONT>: ".
            "<B>Incompatible version</B>: <FONT>Version ".$current_php_version.
            " of PHP is too old.  Please upgrade to version 4.0.4 or later</FONT>";
  }

>How-To-Repeat:
Try to configure ACID with a stock install of PHP5 on Apache 1.3
>Fix:
I belive the problem lies within this comparison operator:

if ( !( ($version[0] >= 4) && ( ( ($version[1] == 0) && ($version[2] >= 4) ) ||
                                    ($version[1] > 0)  ) ) )

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200409072122.i87LM5ag076815>