Welcome, Guest
Username: Password: Remember me
Forgot your password? Forgot your username? Create an account
Forum
Debug
Closed tickets.
Important security fix
  • Page:
  • 1

TOPIC:

Important security fix 31 May 2015 12:21 #13203

  • admin
  • admin's Avatar Topic Author
  • Offline
  • Administrator
  • Administrator
  • Chef
  • Posts: 3711
  • Thank you received: 986
A local file inclusion (LFI) exploit has been found in your component.
Please upgrade your file.php class file as soon as possible in all your generated component.

Here is the source code of the function to replace :

in classes / file / file.php
public static function getDirectory($path)
{
	$markers = [MYCOMPONENT]Helper::getDirectories();

	$foundDir = false;

	// Search and parse the folders aliases
	foreach($markers as $marker => $pathStr)
	{
		// Make sure at least one folder alias has been defined
		if (preg_match("/^\[" . $marker . "\]/", $path))
			$foundDir = true;

		$path = preg_replace("/^\[" . $marker . "\]/", $pathStr, $path);
	}

	// A Marker directory MUST be defined > Local File Inclusion security
	if (!$foundDir)
		return null;

	// Protect against (Local File Inclusion)
	$path = preg_replace("/\.\.+/", "", $path);

	return $path;
}
Coding is now a piece of cake
The following user(s) said Thank You: MorganL

Please Log in or Create an account to join the conversation.
  • Page:
  • 1
Forum
Debug
Closed tickets.
Important security fix
Time to create page: 0.050 seconds

This is what you call a component builder. I was able to master using this in a very short time and the resulting component works like a charm. Not just a basic component builder but a fully working component builder with forms fields tables all ready to go. You can make the list and item views to display in the front and back end. Also there is a great forum just starting to evolve and I'm sure this will grow very rapidly when you all realise how good this tool is.
Kevin (JED)

         

Get Started

Log In Sign In