
Error logs in downloads

Systemweb (Junior Member) asked:

In the last weeks I had, almost daily, some new entries in the Fusion Error Log about undefined indexes at the download details page.

There are 2 different reasons for this:
1.) url parameter for download_id was manipulated and requested as: /downloads.php?download_id=7[0]
2.) someone tried sql injection: /downloads.php?download_id=-5442%27%29%29%20OR%207857%3D7857%20AND%20%28%28%27qCfV%27%3D%27qCfV

In both cases the download details site was shown with missing download data. That means there is no method included to handle invalid parameter data for download_id.

I've included a quick fix in my template file by adding the following code after defined('IN_FUSION') || exit; :
// Fix for invalid download_id in url params
if (IsSet($_GET['download_id']) && (!IsNum($_GET['download_id']) || $_GET['download_id'] < 1)) {
   redirect(DOWNLOADS.'downloads.php');
   exit;
}

Maybe it is better for the dev team to implement this change in the core files?

Chan (Super Admin, Lead Developer of PHP-Fusion) answered:

Thank you for letting us know about the error.

See if this will also fix it. This uses later, updated functions developed for the next code revisions.

if (!get('download_id', FILTER_VALIDATE_INT)) {
    redirect(DOWNLOADS.'downloads.php');
}
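
An added example, not part of either post and not PHP-Fusion code: a strict check for download_id, run against the two requests from the error log above plus a few constructed edge cases. parse_download_id() is a hypothetical helper; it uses only PHP's built-in filter_var() and parse_str().

```php
<?php
// Added example, not PHP-Fusion code. parse_download_id() is a hypothetical helper.
declare(strict_types=1);

/**
 * Return download_id as an int >= 1, or null when it is missing or invalid.
 */
function parse_download_id(array $query): ?int
{
    $raw = $query['download_id'] ?? null;

    // Query values are strings, or arrays for keys such as download_id[]=7.
    if (!is_string($raw)) {
        return null;
    }

    // Accept only a decimal integer >= 1. "0", negatives, "7[0]" and
    // injection strings fail validation and filter_var() returns false.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

    return $id === false ? null : $id;
}

$samples = [
    'download_id=7',    // constructed: a valid request
    'download_id=7[0]', // from the error log in the question
    // from the error log in the question (URL-encoded SQL injection probe)
    'download_id=-5442%27%29%29%20OR%207857%3D7857%20AND%20%28%28%27qCfV%27%3D%27qCfV',
    'download_id=0',    // constructed: zero is not a valid id
    'download_id=-5',   // constructed: negative integer
    'download_id[]=7',  // constructed: array instead of scalar
    '',                 // constructed: parameter absent (normal listing page)
];

foreach ($samples as $qs) {
    parse_str($qs, $query); // decodes the query string the way $_GET would
    $id = parse_download_id($query);
    printf("%-22.22s => %s\n", $qs, $id === null ? 'no valid id' : "id $id");
}
```

A caller would redirect to the listing only when download_id is present in the request and the helper returns null, as the quick fix in the question does; an absent parameter is the normal listing view.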