ZF-2880: Security issue in Zend_Cache_Core


The method validateIdOrTag() should only allow [a-zA-Z0-9]. However, the preg_match() call misses the D-modifier and therefore also trailing newlines are allowed. This might not be the biggest problem on earth as I couldn't find any real attack scenario but this should be fixed anyway.


Fixes the newline injection by adding the D-modifier.

fixed in SVN trunk and in 1.5 branch

probably no real attack scenario possible


I'm assuming this fix is merged to the 1.5 release branch for release with 1.5.1. Please update JIRA if this is not the case.