phpBB3

DNS lookup for e-mail validation will always succeed if a default domain with a wildcard is set

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Resolution: Fixed
  • Affects Version/s: 3.0.1
  • Fix Version/s: 3.0.2
  • Component/s: Other
  • Labels:
    None
  • Environment:
    PHP Environment: 5.2.6
    Database: 5.0.32

Description

A bug in includes/functions.php will cause all lookups to succeed if a domain with a wildcard (*.serverdomain.com) is configured as the default/search domain in the operating system configuration.

As a result, a lookup for userdomain.com will return successful, as userdomain.com.serverdomain.com would be valid due to the wildcard. The wildcard configuration is not uncommon.

This can be fixed easily without harm by suffixing a period (dot) to the end of the host as in the below code-snippet. Adding this dot ignores any default lookup domain.

      1. includes/functions.php ###

else if (function_exists('checkdnsrr'))

{ return (checkdnsrr($host.'.', $type)) ? true : false; }

Activity

There are no comments yet on this issue.

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.4#664-r167664) | Report a problem
Powered by a free Atlassian JIRA open source license for phpBB Ltd.. Try JIRA - bug tracking software for your team.