Ok, I've been waiting around for someone to respond to this, but it doesn't look like it's going to happen, so I'll just go right ahead and ask:
Exactly how is this achieved? I tried a few things on my DB... no results...
Don't get me wrong, I'm not asking so I can go around and wreak havoc on every web server running DBMan, I'm asking because it doesn't exactly seem like there are too many people concerned about this.
I mean, only 50 views? And no replies?
The code reads:
$regexp_func[$field] = eval "sub { m/$tmpreg/o }";
Now my Perl knowledge isn't great, but the way I see it, as long as we don't evaluate the string (add an 'e' modifier) we're fine...
I could be wrong, I probably am... But could someone please verify this? Because it isn't exactly like people are jumping around to spread the word, and if any possible security bug should be squished, it's this one.
- Mark
Astro-Boy!!
http://www.zip.com.au/~astroboy/
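The quoted line interpolates $tmpreg into Perl source text and hands that text to string eval, so the value goes through the Perl parser and not only the regex compiler. As an added example (not part of the original post and not DBMan's own code), here is one way to build the same kind of per-field matcher without string eval; make_matcher(), its arguments, the length limit and the sample data are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Build a matcher for one field without string eval. The search term is only
# ever given to the regex compiler, never parsed as Perl source.
# make_matcher() and its arguments are hypothetical names for this example.
sub make_matcher {
    my ($term, $as_regex) = @_;
    return unless defined $term && length $term <= 200;   # bound pattern size

    # Literal search: escape every metacharacter.
    # Regex search: keep the syntax, but refuse embedded code blocks outright.
    my $pattern = $as_regex ? $term : quotemeta $term;
    return if $pattern =~ /\(\?\??\{/;

    # Block eval only traps a pattern compile error (such as an unbalanced
    # parenthesis); it does not compile $pattern as code.
    my $re = eval { qr/$pattern/ };
    return unless defined $re;

    # Closure over the compiled pattern, matching against its argument.
    return sub { $_[0] =~ $re };
}

# Constructed sample records and search terms: [term, treat-as-regex flag].
my @records = ('a.b/c', 'axb', 'sub { 1 }');
for my $case (['a.b', 0], ['a.b', 1], ['(unbalanced', 1], ['/', 0]) {
    my ($term, $as_regex) = @$case;
    my $match = make_matcher($term, $as_regex);
    if (!$match) {
        print "rejected: $term\n";
        next;
    }
    my @hits = grep { $match->($_) } @records;
    print "term '$term' (regex=$as_regex): @hits\n";
}
```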