
TOPIC: SECURITY ISSUE modcustomerswhobought_j1.5_v1.0.11

SECURITY ISSUE modcustomerswhobought_j1.5_v1.0.11 6 years 1 month ago #17138

Hi,

According to a programmer there is a security issue in the mod_customers_who_bought_j1.5_v1.0.11 module. The programmer tells me that in the JavaScript there are no escapes in the PHP code. He has now changed the following in the module:

On line 250,251 & 252
typea:"<?php echo $type_analisis; ?>",
max_page:"<?php echo $count_product_pages; ?>",
product:"<?php echo $countproduct ?>",

CHANGED TO
typea:<?php echo json_encode($type_analisis); ?>,
max_page:<?php echo json_encode($count_product_pages); ?>,
product:<?php echo json_encode($countproduct); ?>,

On line 336,337 & 338
typea:"<?php echo $type_analisis; ?>",
max_page:"<?php echo $count_product_pages; ?>",
product:"<?php echo $countproduct ?>",

CHANGED TO
typea:<?php echo json_encode($type_analisis); ?>,
max_page:<?php echo json_encode($count_product_pages); ?>,
product:<?php echo json_encode($countproduct); ?>,

On line 390,391,392 & 393
itemid:"<?php echo $Itemid; ?>",
typea:"<?php echo $type_analisis; ?>",
page:"<?php echo $page; ?>",
flypage:"<?php echo $flypage; ?>",

CHANGED TO
itemid:<?php echo json_encode($Itemid); ?>,
typea:<?php echo json_encode($type_analisis); ?>,
page:<?php echo json_encode($page); ?>,
flypage:<?php echo json_encode($flypage); ?>,

On line 531 & 532
flypage: '<?php echo $flypage; ?>',
Itemid:'<?php echo $Itemid; ?>',

CHANGED TO
flypage:<?php echo json_encode($flypage); ?>,
Itemid:<?php echo json_encode($Itemid); ?>,

Can you please let me know if this is a security leak, and if it will work. (I haven't updated it yet because I need a second opinion).

Looking forward to hearing from you!

Regards,

Henry
Last Edit: 6 years 1 month ago by Henry Peeters.

Re: SECURITY ISSUE modcustomerswhobought_j1.5_v1.0.11 6 years 1 month ago #17147

Maria (JoomPlace Team)
Hello Henry,

The json_encode function outputs a string displayed as JSON, i.e. in our case the function uses inverted commas for strings which are displayed by means of echo.
Frankly speaking, we don't quite see the difference, as these strings are used with inverted commas anyway.

We did follow your advice, however, and implemented the necessary changes. Please note the issue does not have to do with a security leak.

The updated extension is already available in Members Area.
JoomPlace Support Team
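The following is an added example, not code from the module or from either poster. It renders a JavaScript object literal the way the module's Ajax calls in Henry's post do, once with a raw `echo` inside a quoted JS literal and once with `json_encode`, so the difference the two posts discuss can be seen in the emitted script. The function and variable names (`js_value_unsafe`, `js_value_safe`, `render_js_object`) and the sample values are assumptions constructed for the demonstration; the `JSON_HEX_*` flags are standard PHP constants.

```php
<?php
// Added example (not the module's code): compare the two ways of placing a PHP
// value inside a JavaScript object literal that is printed into an HTML page.

// Unsafe form from the "before" lines: raw echo between JS double quotes.
// A value that itself contains a double quote ends the JS string early and
// whatever follows is parsed as script, not as data.
function js_value_unsafe($value) {
    return '"' . $value . '"';
}

// Safe form from the "after" lines, with the HEX flags added so <, >, &, ' and "
// are emitted as \uXXXX escapes. That keeps the value inside the literal and
// also prevents a closing tag such as </script> from ending the inline script.
function js_value_safe($value) {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $encoded = json_encode($value, $flags);
    if ($encoded === false) {
        // json_encode returns false on invalid UTF-8. Echoing false prints
        // nothing, which would leave "typea:," and a JS syntax error, so fall
        // back to an empty JS string instead.
        $encoded = '""';
    }
    return $encoded;
}

// Build the object literal from an associative array of the module's variables.
function render_js_object(array $vars, $safe = true) {
    $parts = array();
    foreach ($vars as $name => $value) {
        $parts[] = $name . ':' . ($safe ? js_value_safe($value) : js_value_unsafe($value));
    }
    return '{' . implode(',', $parts) . '}';
}

// Constructed sample values. Note that json_encode emits integers without quotes
// (42 rather than "42"), which is the "inverted commas" difference Maria mentions;
// JavaScript comparisons such as page == 1 behave the same for both.
$vars = array(
    'itemid'  => 42,
    'typea'   => 'best',
    'page'    => 1,
    'flypage' => 'shop.flypage "demo" <b>',   // constructed value with quote and tags
);

echo "Unsafe: " . render_js_object($vars, false) . "\n";
// Unsafe: {itemid:"42",typea:"best",page:"1",flypage:"shop.flypage "demo" <b>"}
echo "Safe:   " . render_js_object($vars, true) . "\n";
// Safe:   {itemid:42,typea:"best",page:1,flypage:"shop.flypage \u0022demo\u0022 \u003Cb\u003E"}
```

In the unsafe output the inner double quotes terminate the `flypage` literal, so the rest of the line is treated as code by the browser; in the safe output every such character is an escape sequence and the browser sees exactly the original text as a string value. Plain `json_encode` without the HEX flags already escapes `"` as `\"` and `/` as `\/`, which is enough for the JS literal itself; the extra flags matter when the script block is inline in HTML, because the HTML parser sees `</script>` before the JS parser ever runs.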