Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#1973 closed Bug (fixed)

Work around php bug #53632 (CVE-ID: 2010-4645)

Reported by: matt
Owned by:
Priority: critical
Milestone: Piwik 1.2
Component: Core
Keywords:
Cc:
Sensitive: no

Change History (7)

comment:1 Changed 3 years ago by matt (mattab)

  • Resolution set to fixed
  • Status changed from new to closed

(In [3647]) Fixes #1973

comment:2 Changed 3 years ago by vipsoft (robocoder)

This should be moved to Common.php because that's where getRequestVar() is, and piwik.php doesn't always load Loader.php.

comment:3 Changed 3 years ago by matt (mattab)

(In [3648]) Refs #1973 good point Anthon!

comment:4 Changed 3 years ago by vipsoft (robocoder)

  • Resolution fixed deleted
  • Status changed from closed to reopened

I took a look at the original bug report. The reporter notes that 2.2250738585072008e-308 to 2.2250738585072010e-308 are also affected.

comment:5 Changed 3 years ago by matt (mattab)

  • Resolution set to fixed
  • Status changed from reopened to closed

The report says "2.2250738585072008e-308, 2.2250738585072009e-308, 2.2250738585072010e-308 and 2.2250738585072012e-308 -- which all convert to the same floating-point value -- do not cause this problem."

I tested on my server, which interestingly is affected by this bug, and only ...2011 works.

comment:6 Changed 3 years ago by vipsoft (robocoder)

Sorry. Misread. It's been a long day.

comment:7 Changed 3 years ago by vipsoft (robocoder)

  • Summary changed from Work around php bug #53632 to Work around php bug #53632 (CVE-ID: 2010-4645)