TOPIC:

Important security fix 31 May 2015 12:21 #13203

admin
Topic Author
Offline
Administrator
Chef
Posts: 3711
Thank you received: 986

A local file inclusion (LFI) exploit has been found in your component.
Please upgrade your file.php class file as soon as possible in all your generated component.

Here is the source code of the function to replace :

in classes / file / file.php

public static function getDirectory($path)
{
	$markers = [MYCOMPONENT]Helper::getDirectories();

	$foundDir = false;

	// Search and parse the folders aliases
	foreach($markers as $marker => $pathStr)
	{
		// Make sure at least one folder alias has been defined
		if (preg_match("/^\[" . $marker . "\]/", $path))
			$foundDir = true;

		$path = preg_replace("/^\[" . $marker . "\]/", $pathStr, $path);
	}

	// A Marker directory MUST be defined > Local File Inclusion security
	if (!$foundDir)
		return null;

	// Protect against (Local File Inclusion)
	$path = preg_replace("/\.\.+/", "", $path);

	return $path;
}

Coding is now a piece of cake

The following user(s) said Thank You: MorganL

Please Log in or Create an account to join the conversation.

Page:
1

Forum

Debug

Closed tickets.

Important security fix

Time to create page: 0.068 seconds

“

”

Hi first of all I'd like to say that J-Cook is a great tool - the best component builder I tried so far...
Rymedia - Jonas

TOPIC:

Important security fix 31 May 2015 12:21 #13203

Get Started

Newsletter