PEAK XOOPS - Contamination not logged. 
Contamination not logged.
- You cannot open a new topic into this forum
- Guests cannot post into this forum
moonrakre
Posts: 4
Posts: 4
When I try this check:
http://www.mywebsite.com/index.php?xoopsConfig%5Bnocommon%5D=1
I get thrown to the home page, but there is no log of the contamination in the protection centre.
I have the contamination action set to blank screen, and the same happens if I set it to None(only logging). (I don't want to try ban the IP as it is my IP!). This happens when I try from not logged in, logged in as a registered user or logged in as webmaster.
The other check works fine and logs the insertion.
I am on xoops 2.0.16 and protector 3.04
So I think the protection is working, but I would rather like it to be logged. Is there something I have set incorrectly or do I have a problem?
Best wishes
Adrian
http://www.mywebsite.com/index.php?xoopsConfig%5Bnocommon%5D=1
I get thrown to the home page, but there is no log of the contamination in the protection centre.
I have the contamination action set to blank screen, and the same happens if I set it to None(only logging). (I don't want to try ban the IP as it is my IP!). This happens when I try from not logged in, logged in as a registered user or logged in as webmaster.
The other check works fine and logs the insertion.
I am on xoops 2.0.16 and protector 3.04
So I think the protection is working, but I would rather like it to be logged. Is there something I have set incorrectly or do I have a problem?
Best wishes
Adrian
Votes:1
Average:0.00
GIJOE
Posts: 4110
Posts: 4110
Check mainfile.php
Perhaps, it's a mainfile's protection before Protector.
This is just an issue of the core from xoops.org
Perhaps, it's a mainfile's protection before Protector.
This is just an issue of the core from xoops.org
Votes:0
Average:0.00
moonrakre
Posts: 4
Posts: 4
I have the code below in mainfile.php, is this what you are refering to?
define('XOOPS_CHECK_PATH', 0);
// Protect against external scripts execution if safe mode is not enabled
if ( XOOPS_CHECK_PATH && !@ini_get('safe_mode') ) {
if ( function_exists('debug_backtrace') ) {
$xoopsScriptPath = debug_backtrace();
if ( !count($xoopsScriptPath) ) {
die("XOOPS path check: this file cannot be requested directly");
}
$xoopsScriptPath = $xoopsScriptPath[0]['file'];
} else {
$xoopsScriptPath = isset($_SERVER['PATH_TRANSLATED']) ? $_SERVER['PATH_TRANSLATED'] : $_SERVER['SCRIPT_FILENAME'];
}
if ( DIRECTORY_SEPARATOR != '/' ) {
// IIS6 may double the \ chars
$xoopsScriptPath = str_replace( strpos( $xoopsScriptPath, '\\\\', 2 ) ? '\\\\' : DIRECTORY_SEPARATOR, '/', $xoopsScriptPath);
}
if ( strcasecmp( substr($xoopsScriptPath, 0, strlen(XOOPS_ROOT_PATH)), str_replace( DIRECTORY_SEPARATOR, '/', XOOPS_ROOT_PATH)) ) {
exit("XOOPS path check: Script is not inside XOOPS_ROOT_PATH and cannot run.");
}
}
define('XOOPS_CHECK_PATH', 0);
// Protect against external scripts execution if safe mode is not enabled
if ( XOOPS_CHECK_PATH && !@ini_get('safe_mode') ) {
if ( function_exists('debug_backtrace') ) {
$xoopsScriptPath = debug_backtrace();
if ( !count($xoopsScriptPath) ) {
die("XOOPS path check: this file cannot be requested directly");
}
$xoopsScriptPath = $xoopsScriptPath[0]['file'];
} else {
$xoopsScriptPath = isset($_SERVER['PATH_TRANSLATED']) ? $_SERVER['PATH_TRANSLATED'] : $_SERVER['SCRIPT_FILENAME'];
}
if ( DIRECTORY_SEPARATOR != '/' ) {
// IIS6 may double the \ chars
$xoopsScriptPath = str_replace( strpos( $xoopsScriptPath, '\\\\', 2 ) ? '\\\\' : DIRECTORY_SEPARATOR, '/', $xoopsScriptPath);
}
if ( strcasecmp( substr($xoopsScriptPath, 0, strlen(XOOPS_ROOT_PATH)), str_replace( DIRECTORY_SEPARATOR, '/', XOOPS_ROOT_PATH)) ) {
exit("XOOPS path check: Script is not inside XOOPS_ROOT_PATH and cannot run.");
}
}
Votes:0
Average:0.00
GIJOE
Posts: 4110
Posts: 4110
No.
It's just a fragment of trash in mainfile.php
(Use code block)
I mean this.
You can find the code in mainfile.php of XOOPS 2.0.16
It's just a fragment of trash in mainfile.php
(Use code block)
I mean this.
You can find the code in mainfile.php of XOOPS 2.0.16
foreach ( array('GLOBALS', '_SESSION', 'HTTP_SESSION_VARS', '_GET', 'HTTP_GET_VARS', '_POST', 'HTTP_POST_VARS', '_COOKIE', 'HTTP_COOKIE_VARS', '_REQUEST', '_SERVER', 'HTTP_SERVER_VARS', '_ENV', 'HTTP_ENV_VARS', '_FILES', 'HTTP_POST_FILES', 'xoopsDB', 'xoopsUser', 'xoopsUserId', 'xoopsUserGroups', 'xoopsUserIsAdmin', 'xoopsConfig', 'xoopsOption', 'xoopsModule', 'xoopsModuleConfig', 'xoopsRequestUri') as $bad_global ) {
if ( isset( $_REQUEST[$bad_global] ) ) {
header( 'Location: '.XOOPS_URL.'/' );
exit();
}
}
Votes:1
Average:10.00
Login