Welcome, Guest
Username Password: Remember me
Forgot your password? Forgot your username? Create an account
Mobile Joomla!
Mobile Joomla! Forum
Mobile Joomla! 1.x

file_put_contents security issue
(1 viewing) (1) Guest
Reply Topic
New Topic
  • Page:
  • 1

TOPIC: file_put_contents security issue

file_put_contents security issue 13 years, 4 months ago #4696

  • Spubs
  • OFFLINE
  • Junior Boarder
  • Posts: 32
  • Karma: 0
Email conversation with server administrator:


I noticed you got rid of the master error for the file_put_contents function. But It is still there for 2 pages: coupons and opinion.

I have attached screenshots from the android emulator, iphone does the same thing, just those 2 pages.



file_put_contents() was already allowed normally, but apparently now
you've found a case where the code calls the function from within eval()
somewhere. That suggests ugly code somewhere and I don't like doing so
because of the impact it has on the security posture, but I've enabled
the file_put_contents() to be used within eval() as well now.


Also, I'm getting the following error in the android developer system, both mobile 2.2 and tablet 3.1:


error on line 65 at column 215: Opening and ending tag mismatch: div line 0 and script
Last Edit: 13 years, 4 months ago by Spubs.
Reply Quote

Re: file_put_contents security issue 13 years, 4 months ago #4727

  • Spubs
  • OFFLINE
  • Junior Boarder
  • Posts: 32
  • Karma: 0
echooo, am i talking to myself here?
Reply Quote

Re: file_put_contents security issue 13 years, 4 months ago #4728

  • dryabov
  • OFFLINE
  • Administrator
  • Denis Ryabov, Lead Developer
  • Posts: 4867
  • Karma: 105
1. Eval is used in Adsense module and it's the only way to run user-generated php code (workaround is to save content to a file and use include, but it's just indirect eval). But most likely this module will be updated soon to allow just enter Publisher ID instead of generated php code, keeping old method for "advanced" users.

2. What is url of the site to look at parsing issue?
Reply Quote

Re: file_put_contents security issue 13 years, 4 months ago #4738

  • Spubs
  • OFFLINE
  • Junior Boarder
  • Posts: 32
  • Karma: 0
www.theshorthorn.com
Reply Quote

Re: file_put_contents security issue 13 years, 4 months ago #4743

  • Spubs
  • OFFLINE
  • Junior Boarder
  • Posts: 32
  • Karma: 0
Test site:


Real site:
Reply Quote
Reply Topic
New Topic
  • Page:
  • 1
Mobile Joomla!
Mobile Joomla! Forum
Mobile Joomla! 1.x
Powered by Kunena
Time to create page: 0.07 seconds

By continuing to use this site you consent to the use of cookies on your device as described in our cookie policy unless you have disabled them. This site will not function correctly without cookies.

I accept cookies from this site.