Welcome, Guest
Username: Password: Remember me
Forgot your password? Forgot your username? Create an account
Forum
Debug
Closed tickets.
Important security fix
  • Page:
  • 1

TOPIC:

Important security fix 31 May 2015 12:21 #13203

  • admin
  • admin's Avatar Topic Author
  • Offline
  • Administrator
  • Administrator
  • Chef
  • Posts: 3711
  • Thank you received: 986
A local file inclusion (LFI) exploit has been found in your component.
Please upgrade your file.php class file as soon as possible in all your generated component.

Here is the source code of the function to replace :

in classes / file / file.php
public static function getDirectory($path)
{
	$markers = [MYCOMPONENT]Helper::getDirectories();

	$foundDir = false;

	// Search and parse the folders aliases
	foreach($markers as $marker => $pathStr)
	{
		// Make sure at least one folder alias has been defined
		if (preg_match("/^\[" . $marker . "\]/", $path))
			$foundDir = true;

		$path = preg_replace("/^\[" . $marker . "\]/", $pathStr, $path);
	}

	// A Marker directory MUST be defined > Local File Inclusion security
	if (!$foundDir)
		return null;

	// Protect against (Local File Inclusion)
	$path = preg_replace("/\.\.+/", "", $path);

	return $path;
}
Coding is now a piece of cake
The following user(s) said Thank You: MorganL

Please Log in or Create an account to join the conversation.
  • Page:
  • 1
Forum
Debug
Closed tickets.
Important security fix
Time to create page: 0.308 seconds

Hi All just wanted to add one more "thank you" voice to all those who discovered the value of this amazing application. The website I was working on went to production few days ago and I do not want to even try to imagine what would it take to build it without j-cook. So - endless thanks keep it running and evolving I believe it deserves to be the core tool for any joomla application! Thanks!
Michael (bmk028 - Forum)  

Get Started

Log In Sign In