Welcome, Guest
Username: Password: Remember me
Forgot your password? Forgot your username? Create an account
Forum
Debug
Closed tickets.
Important security fix
  • Page:
  • 1

TOPIC:

Important security fix 31 May 2015 12:21 #13203

  • admin
  • admin's Avatar Topic Author
  • Offline
  • Administrator
  • Administrator
  • Chef
  • Posts: 3711
  • Thank you received: 986
A local file inclusion (LFI) exploit has been found in your component.
Please upgrade your file.php class file as soon as possible in all your generated component.

Here is the source code of the function to replace :

in classes / file / file.php
public static function getDirectory($path)
{
	$markers = [MYCOMPONENT]Helper::getDirectories();

	$foundDir = false;

	// Search and parse the folders aliases
	foreach($markers as $marker => $pathStr)
	{
		// Make sure at least one folder alias has been defined
		if (preg_match("/^\[" . $marker . "\]/", $path))
			$foundDir = true;

		$path = preg_replace("/^\[" . $marker . "\]/", $pathStr, $path);
	}

	// A Marker directory MUST be defined > Local File Inclusion security
	if (!$foundDir)
		return null;

	// Protect against (Local File Inclusion)
	$path = preg_replace("/\.\.+/", "", $path);

	return $path;
}
Coding is now a piece of cake
The following user(s) said Thank You: MorganL

Please Log in or Create an account to join the conversation.
  • Page:
  • 1
Forum
Debug
Closed tickets.
Important security fix
Time to create page: 0.073 seconds

Just wanted to congratulate you on the J-Cook website / web development tool. In a couple of visits I've had a play around with Cook and have to say I think it is fantastic.  I've played with a number of component builders in the past and yours is certainly looking like the best so far. I'd also like to help you spread the word - I'm really surprised more people aren't excited about this tool. Good luck with the project.
Dean

Get Started

Log In Sign In