The world's most advanced component creator for Joomla
An idea
MCD
Need a custom design
Get started
Need a custom design
Get started
Need a custom design
Get started
Need a custom design
Get started
Need a custom design
Get started
Need a custom design
Get started

Severity: high

We recommend you to upgrade all your generated components, at least the following file :

[backend component]/classes/file/file.php

Concerned function : getDirectory()

Here is a copy of the content of the function for users who do not have renewed their account:

public static function getDirectory($path)
{
    $markers = [MYCOMPONENT]Helper::getDirectories();
    $foundDir = false;
    // Search and parse the folders aliases
    foreach($markers as $marker => $pathStr)
    {
        // Make sure at least one folder alias has been defined
        if (preg_match("/^\[" . $marker . "\]/", $path))
            $foundDir = true;
        $path = preg_replace("/^\[" . $marker . "\]/", $pathStr, $path);
    }
    // A Marker directory MUST be defined > Local File Inclusion security
    if (!$foundDir)
        return null;
    // Protect against (Local File Inclusion)
    $path = preg_replace("/\.\.+/", "", $path);
    return $path;
}

Your client support is really awesome + rich and powerfull software.
foo42 (Forum)

Get Started

Log In Sign In