
TOPIC:

Important security fix 31 May 2015 12:21 #13203

  • admin (Topic Author, Administrator)
A local file inclusion (LFI) exploit has been found in your component.
Please upgrade your file.php class file as soon as possible in all your generated components.

Here is the source code of the function to replace:

in classes / file / file.php
public static function getDirectory($path)
{
	$markers = [MYCOMPONENT]Helper::getDirectories();

	$foundDir = false;

	// Search and parse the folders aliases
	foreach($markers as $marker => $pathStr)
	{
		// Make sure at least one folder alias has been defined
		if (preg_match("/^\[" . $marker . "\]/", $path))
			$foundDir = true;

		$path = preg_replace("/^\[" . $marker . "\]/", $pathStr, $path);
	}

	// A Marker directory MUST be defined > Local File Inclusion security
	if (!$foundDir)
		return null;

	// Protect against (Local File Inclusion)
	$path = preg_replace("/\.\.+/", "", $path);

	return $path;
}
Coding is now a piece of cake
The following user(s) said Thank You: MorganL
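
To locate copies that still need the upgrade when a site carries several generated components, here is an added example (not part of the original post and not J-Cook code) that walks a directory tree and classifies every classes/file/file.php it finds. It assumes the path given in the post is classes/file/file.php and, as a heuristic, that the patched getDirectory() is recognisable by the `$foundDir` guard shown above; a "needs-update" result should be confirmed by reading the file.

```python
import re
import sys
from pathlib import Path

# Assumption: the patched getDirectory() is recognisable by the guard the post
# introduces: a $foundDir flag followed by "if (!$foundDir) return null;".
SIGNATURE = re.compile(r"function\s+getDirectory\s*\(")
NEXT_FUNC = re.compile(r"\bfunction\s+\w+\s*\(")
GUARD = re.compile(r"if\s*\(\s*!\s*\$foundDir\s*\)\s*\{?\s*return\s+null\s*;")


def classify(source: str) -> str:
    """Return 'patched', 'needs-update' or 'no-getDirectory' for one file.php."""
    match = SIGNATURE.search(source)
    if match is None:
        return "no-getDirectory"
    body = source[match.end():]
    following = NEXT_FUNC.search(body)
    if following:                      # look only inside getDirectory() itself
        body = body[:following.start()]
    return "patched" if GUARD.search(body) else "needs-update"


def audit(root) -> dict:
    """Map every classes/file/file.php below root to its classification."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("file.php")):
        if path.parts[-3:-1] == ("classes", "file"):
            text = path.read_text(encoding="utf-8", errors="replace")
            report[path.relative_to(root).as_posix()] = classify(text)
    return report


if __name__ == "__main__":
    # Usage: python audit_jcook.py /path/to/joomla  (script name is hypothetical)
    results = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for rel, status in results.items():
        print(f"{status:16} {rel}")
    sys.exit(1 if "needs-update" in results.values() else 0)
```

The script exits with status 1 when at least one copy is classified "needs-update", so it can gate a deployment or run from a scheduled check.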
