Brion Vibber wrote:
> As I mentioned before, this is presumably because you're using a
> straight regex, with no anchor at the end, so it'll match subsets of a
> hostname.

I was thinking that too. It would be quite easy to fix on the whitelist
end by tacking on loads of $. However...

> It's debatable whether that's actually ever desirable behavior, though.
>
> It might be wise to assume that a whitelist/blacklist entry with no '/'
> is meant to anchor at the end of the hostname and slip that in silently.

That's what I think too. By default, whitelist definitions need to be a
bit stricter. No one really minds if badsite.com.newsite.com is blocked
(extremely strange subdomain conventions on newsite.com to say the
least), but the reverse can be manipulated by domain squatters who have
all their subdomains pointing at a generic home page.

Granted, it doesn't seem to be a pressing issue, but we may have just
violated [[WP:BEANS]].
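
The matching behaviour discussed in this message, as an added example that is not part of the original e-mail or the project's code: an unanchored whitelist regex beside one that silently anchors entries with no '/' at the end of the hostname. The function names, the URL prefix pattern, the one-URL-per-call model and the `.example`/`.test` hostnames are assumptions made for illustration.

```python
import re

# Constructed whitelist entry (regex fragment), not taken from the thread.
WHITELIST = [r"goodsite\.example"]

# Assumed URL prefix: scheme plus any leading hostname characters.
PREFIX = r"https?://[a-z0-9.-]*"


def unanchored_match(entries, url):
    """Straight regex with no anchor at the end: matches subsets of a hostname."""
    return any(re.match(PREFIX + entry, url, re.I) for entry in entries)


def anchor_entry(entry):
    """Anchor a host-only entry at the end of the hostname.

    An entry containing '/' already says where the host stops, so it is
    left alone. Otherwise the host must end right after the entry: the
    next character is a port, path, query or fragment delimiter, or the
    URL is finished.
    """
    if "/" in entry:
        return entry
    return entry + r"(?=[:/?#]|$)"


def anchored_match(entries, url):
    """Same lookup with host-only entries anchored by anchor_entry()."""
    return any(
        re.match(PREFIX + anchor_entry(entry), url, re.I) for entry in entries
    )


if __name__ == "__main__":
    # Constructed sample URLs.
    samples = [
        "http://www.goodsite.example/page",        # legitimate subdomain
        "http://goodsite.example:8080/x",          # legitimate, with port
        "http://goodsite.example.squatter.test/",  # whitelisted name as a subdomain label
        "http://goodsite.example-squat.test/",     # whitelisted name as a hostname prefix
    ]
    for url in samples:
        print(url, unanchored_match(WHITELIST, url), anchored_match(WHITELIST, url))
```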