Important update for Community Auth users
05-21-2016, 09:19 PM
(This post was last modified: 05-21-2016, 10:28 PM by skunkbad. Edit Reason: Note regarding support for legacy versions of PHP )
Users of Community Auth for CI 3 should update to the current version or at least update the _rebuild_deny_list() method in Auth_model.php.
The Problem

If the deny list in the .htaccess file is rebuilt, and if the .htaccess file is larger than a small size, the regular expression used in preg_replace may potentially create a condition where preg_replace returns an empty string, effectively wiping out the .htaccess file and thereby bringing the website down.

The Bad Regex
Code: /(?<=# BEGIN DENY LIST --)(.|\n)*(?=# END DENY LIST --)/

A Better Regex
Code: /(?<=# BEGIN DENY LIST --).*?(?=# END DENY LIST --)/s

The Best Solution

As long as the deny list is ALWAYS at the top of the .htaccess file, rather than using preg_replace, a better solution is to use PHP's explode() function to cut the .htaccess file into an upper and lower portion, and then replace the upper portion (the deny list). For reference, here is the revised method as of 5/21/2016:

Code: /**

Note that your .htaccess file MUST have the deny list at the very top of the file. In any other place you would risk losing whatever is above the deny list.

This is probably not a huge problem for many Community Auth users, but if one's login form was the victim of a brute force style attack, by default Community Auth does attempt to block the IP address associated with the requests, and so the rebuilding of the .htaccess file could happen at any time. Be sure to address this issue as soon as possible.

Final Note

Community Auth's support for PHP versions less than 5.4 has officially ended. Community Auth is actively developed on PHP 5.5 and PHP 7, and supporting PHP versions less than 5.4 is not worth the time. Honestly, it's difficult to imagine anyone wanting to work in an old legacy version of PHP. Get with the times, folks!
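A sketch of the explode() approach described in the post, as an added example that is not Community Auth's own _rebuild_deny_list() method. The function names, the "deny from" line format, the temp-file write and the sample input are assumptions; the two marker strings are the ones from the regexes above.

```php
<?php
// Added example, not Community Auth's code. Function names are hypothetical.
const DENY_BEGIN = '# BEGIN DENY LIST --';
const DENY_END   = '# END DENY LIST --';

/**
 * Return $htaccess with the deny list (which must be at the very top)
 * replaced by one "deny from" line per IP. Throws instead of returning
 * empty or truncated content.
 */
function rebuild_deny_list(string $htaccess, array $ips): string
{
    // Split once at the END marker: [0] = deny list, [1] = rest of the file.
    $parts = explode(DENY_END, $htaccess, 2);
    if (count($parts) !== 2 || strpos(ltrim($parts[0]), DENY_BEGIN) !== 0) {
        throw new RuntimeException('deny list markers missing or not at top of file');
    }
    $lines = [DENY_BEGIN];
    foreach ($ips as $ip) {
        // Only validated addresses may reach the server config.
        if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
            throw new InvalidArgumentException("invalid IP: $ip");
        }
        $lines[] = "deny from $ip"; // assumed directive format
    }
    $lines[] = DENY_END;
    return implode("\n", $lines) . $parts[1];
}

function write_htaccess(string $path, string $new): void
{
    if (trim($new) === '') {
        throw new RuntimeException('refusing to write an empty .htaccess');
    }
    // Write to a temp file, then rename, so a failure never leaves a truncated file.
    $tmp = $path . '.tmp';
    if (file_put_contents($tmp, $new, LOCK_EX) !== strlen($new) || !rename($tmp, $path)) {
        throw new RuntimeException('could not replace ' . $path);
    }
}

// Constructed sample input (documentation-range addresses).
$sample = DENY_BEGIN . "\ndeny from 192.0.2.10\n" . DENY_END . "\nRewriteEngine On\n";
echo rebuild_deny_list($sample, ['198.51.100.7', '203.0.113.5']);
```

Because the split happens at the END marker and everything before it is discarded, the check that the BEGIN marker starts the file is what enforces the "deny list at the very top" requirement.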