Worried that AdminMod is insecure? The AdminMod site has been updated with a security tip:
When using regular expressions in your users.ini file (i.e. use_regex set to 1) make sure you have a complete regex and that it matches only what you want it to match. Special characters which are often forgotten are the start "^" and end "$" characters.I think regular expressions spreading any further should be prevented. Perl and PHP will go straight to hell because of it!
Remember, when you have a line like "theo:somepass:12345" in your users.ini and use_regex set, then also the names "theodor" or "antheom" will match and gain admin access. Check if you actually meant "^theo$:somepass:12345".
Comment