Severity: high

We recommend that you upgrade all your generated components, or at least the following file: [backend component]/classes/file/file.php

Affected function: getDirectory()

Here is a copy of the function for users who have not renewed their account:

public static function getDirectory($path)
{
    $markers = [MYCOMPONENT]Helper::getDirectories();
    $foundDir = false;

    // Search for and expand the folder aliases
    foreach($markers as $marker => $pathStr)
    {
        // Record that the path starts with a defined folder alias
        if (preg_match("/^\[" . $marker . "\]/", $path))
            $foundDir = true;

        // Replace the leading [ALIAS] with its real directory
        $path = preg_replace("/^\[" . $marker . "\]/", $pathStr, $path);
    }

    // A marker directory MUST be defined (Local File Inclusion protection)
    if (!$foundDir)
        return null;

    // Protect against Local File Inclusion: strip any run of two or more dots
    $path = preg_replace("/\.\.+/", "", $path);

    return $path;
}
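The two checks in getDirectory() above (a leading folder alias is mandatory, and runs of dots are stripped), exercised over constructed inputs as a regression test. This is an added example, not the vendor's code: resolveDirectory(), isContained(), the alias names and the base paths are hypothetical, and preg_quote() is added around the marker.

```php
<?php
// Added example, not the vendor's code. The alias map is constructed sample data.
const DIRECTORIES = [
    'DIR_FILES'  => '/var/www/site/files',
    'DIR_IMAGES' => '/var/www/site/images',
];

// Mirrors getDirectory(), with the alias map passed in and the marker quoted.
function resolveDirectory(string $path, array $markers): ?string
{
    $foundDir = false;
    foreach ($markers as $marker => $pathStr) {
        $pattern = '/^\[' . preg_quote($marker, '/') . '\]/';
        if (preg_match($pattern, $path)) {
            $foundDir = true;
            $path = preg_replace($pattern, $pathStr, $path);
        }
    }
    // No leading alias means the path is rejected; otherwise strip dot runs.
    return $foundDir ? preg_replace('/\.\.+/', '', $path) : null;
}

// A result passes if it was rejected (null), or if it contains no ".." and
// lexically stays under one of the alias base directories.
function isContained(?string $resolved, array $markers): bool
{
    if ($resolved === null) {
        return true;
    }
    if (strpos($resolved, '..') !== false) {
        return false;
    }
    foreach ($markers as $base) {
        if ($resolved === $base || strpos($resolved, rtrim($base, '/') . '/') === 0) {
            return true;
        }
    }
    return false;
}

$samples = [ // constructed inputs
    '[DIR_FILES]/report.pdf',                  // normal request
    '[DIR_FILES]/../../configuration.php',     // parent-directory segments
    '[DIR_FILES]/..../..../configuration.php', // longer dot runs
    '[DIR_FILES]/backup..old.zip',             // legitimate name containing ".."
    '/etc/passwd',                             // no alias at all
    'x[DIR_FILES]/report.pdf',                 // alias not at the start
    '[DIR_UNKNOWN]/report.pdf',                // undefined alias
];
foreach ($samples as $input) {
    $out = resolveDirectory($input, DIRECTORIES);
    printf("%-42s => %s [%s]\n", $input, var_export($out, true), isContained($out, DIRECTORIES) ? 'ok' : 'ESCAPES BASE');
}
```

The check is purely lexical and does not resolve symbolic links. Note that the dot-stripping also alters legitimate file names that contain two consecutive dots, as the `backup..old.zip` sample shows.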
Awards for the best Joomla app. This product is gonna win an award for this amazing job. Cook Self Service is the best application from all over the Joomla universe! It brings Joomla to a professional level, really advanced for developers. It is real fun to develop with it. The ACL part and security checks implementation are just... so many hours saved. I can now concentrate more on the design part and the creative work. Thank you so much. Guys, I offer you all my congratulations! Keep up the work, because Joomla needs it to increase the quality of the extensions available on the JED. I also learned a lot because I can see how to code at the proper place, and I found all my answers reading the forum.