#4853 - Page parameters with '..' in, cause a fatal PHP error if static caching enabled

By Chris Graham
Added 27th May 2022, 12:52 AM
1 view

Identifier	#4853
Issue type	Trivial issue (does not break functionality)
Title	Page parameters with '..' in, cause a fatal PHP error if static caching enabled
Status	Completed
Handling member	Chris Graham
Version	10.0.42
Addon	core
Description	A hack-bot may try a URL like: index.php?page=../etc/passwd This will trigger Composr's hack-attack detection system. If static caching is enabled, this happens early in boot and causes a fatal error (logged to the error log).
Steps to reproduce
Funded?	No
Commits	Fixed MANTIS-4853 (Page parameters with '..' in, cause a fatal PHP error if static caching enabled) (bcca060b) · Commits · Composr ecosystem / Composr · GitLab

The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".

Rating

Unrated

Comments

There have been no comments yet

Statistics

Forum statistics:	6K topics, 20K posts, 1K members Our newest member is Dorin Costin Maximuss Birthdays: rwill76 Jonsina99 omarfaruk007acri WhiteWoodsDecor viviaanzoe ludopeindia Urprinters emproncs