Issues

ZF-2880: Security issue in Zend_Cache_Core

Description

The method validateIdOrTag() should only allow [a-zA-Z0-9]. However, the preg_match() call misses the D-modifier and therefore also trailing newlines are allowed. This might not be the biggest problem on earth as I couldn't find any real attack scenario but this should be fixed anyway.

Comments

Fixes the newline injection by adding the D-modifier.

fixed in SVN trunk and in 1.5 branch

probably no real attack scenario possible

but...

I'm assuming this fix is merged to the 1.5 release branch for release with 1.5.1. Please update JIRA if this is not the case.