WARNING - Fleixcontent contains serious security issue

micker
Offline
Administrator

13 years 6 months ago #11227 by micker

Replied by micker on topic WARNING - Fleixcontent contains serious security issue

thanks for message

FLEXIcontent is Free but involves a very big effort on our part.
Like the our support? (for a bug-free FC, despite being huge extension) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing reviews. Thanks![/size]

Please Log in or Create an account to join the conversation.

effrit
Offline
Premium Member

13 years 6 months ago #11250 by effrit

Replied by effrit on topic WARNING - Fleixcontent contains serious security issue

micker, thanks for reply.
i think that main goal now is "make the noise".
for example, you, as main ... PR-manager

may post material about this "some new plugins".
or may give it to me (for example) - then i made some "bright future came" review.

also we have some official "developers" on forum - lets make next release (php_thumb fix + working solutions from issue tracker).
developers, awake!

Please Log in or Create an account to join the conversation.

jwwicks
Offline
New Member

13 years 6 months ago #11251 by jwwicks

Replied by jwwicks on topic WARNING - Fleixcontent contains serious security issue

Here's the patch I created for my sites..

Added a if/else from the original code using PHP_OS to account for Windows etc...

I posted the patch to the SVN in a new issue.
code.google.com/p/flexicontent/i ... tail?id=85

Code:

//Patched using code from Everett to fix Vulnerability see (http://modxcms.com/forums/index.php?topic=54874.msg316279#msg316279)
  //JWicks
	function SafeExec($command) {
		static $AllowedExecFunctions = array();
		if (empty($AllowedExecFunctions)) {
			$AllowedExecFunctions = array('shell_exec'=>true, 'passthru'=>true, 'system'=>true, 'exec'=>true);
			foreach ($AllowedExecFunctions as $key => $value) {
				$AllowedExecFunctions[$key] = !phpthumb_functions::FunctionIsDisabled($key);
			}
		}
    
    // Strip off any commands after the first semi-colon
    // and prepare the data to be sent to the command line.
    // EVERETT @ www.fireproofsocks.com 9/26/2010
    if (strtoupper(substr(PHP_OS, 0, 3)) == "WIN") { //Windows
      $command = preg_replace('/&&.*$/','',$command);
    }
    else {
      $command = preg_replace('/;.*$/','',$command); // <-- *NIX only
    }
    $command = escapeshellcmd($command);


		$command .= ' 2>&1'; // force redirect stderr to stdout
		foreach ($AllowedExecFunctions as $execfunction => $is_allowed) {
			if (!$is_allowed) {
				continue;
			}
			$returnvalue = false;
			switch ($execfunction) {
				case 'passthru':
				case 'system':
					ob_start();
					$execfunction($command);
					$returnvalue = ob_get_contents();
					ob_end_clean();
					break;

				case 'exec':
					$output = array();
					$lastline = $execfunction($command, $output);
					$returnvalue = implode("\n", $output);
					break;

				case 'shell_exec':
					ob_start();
					$returnvalue = $execfunction($command);
					ob_end_clean();
					break;
			}
			return $returnvalue;
		}
		return false;
	}

Please Log in or Create an account to join the conversation.