MODx Security Fix [for 0.9.1]

  • 21255
    215
    Write secure snippets!
    Lock down your server!

    netnoise Reply #1, 5 years, 9 months ago

    Reply
    • Link to this post#1
This version of document.parser.inc.php fixes some issues in MODx which were published yesterday.
Please update your current 0.9.1 MODx installations as soon as possible.

How to patch: open manager/includes/document.parser.class.inc.php in your favourite text editor and replace the function "getDocumentIdentifier" with the code below.

      function getDocumentIdentifier($method) {
        // function to test the query and find the retrieval method
        // default: the site start page, used when no usable id/alias is supplied
        $docIdentifier= $this->config['site_start'];
        switch($method) {
          case "alias" :
            // the alias is a string: run it through the DB escape before it reaches a query
            $docIdentifier= $this->db->escape($_REQUEST['q']);
          break;
          case "id" :
            // the id must be numeric; abort on anything else, then cast to int
            if(!is_numeric($_REQUEST['id'])) {
              $this->messageQuit("ID passed in request is NaN!");
            } else {
              $docIdentifier= intval($_REQUEST['id']);
            }
          break;
          default :
          break;
        }
        return $docIdentifier;
      }

jwtyler Reply #2, 5 years, 9 months ago

I must have missed it. What exactly was the security issue? Repatching all the patches into the parser is not something I look forward to.

netnoise Reply #3, 5 years, 9 months ago

I am a non-Windows user myself (but recoded it to DOS CR/LF as the original one is ;-)

Quote:
Since the document.parser.class.inc.php you posted includes a bunch of other changes slated for the next release

Oops, please see the updated posting at the top.

vbrilon Reply #4, 5 years, 9 months ago

    Groovy! Thanks again for the quick catch.

vbrilon Reply #5, 5 years, 9 months ago

Quote from: jwtyler at Apr 15, 2006, 12:21 PM
I must have missed it. What exactly was the security issue? Repatching all the patches into the parser is not something I look forward to.

    No need to do that. Just replace the one function above.

TobyL Reply #6, 5 years, 9 months ago

    Nice one, thank you.

Can anyone tell me where the message "ID passed in request is NaN!" will find a place in the language file? It will be in there at some stage, won't it? I'd like to make that update in an international installation without hardcoding the message in the parser class.

Oh, and a small coding question. Does the

      default :
      break;

serve any purpose? In my simple brain it doesn't make any difference to the flow if you leave it out, so why is it there? Am I missing something?

rthrash Reply #7, 5 years, 9 months ago

    I think the default case is required. And thank you for pointing out the messages should probably go in the language files... can you log that in our Bug (and Support/Feature request tracker), please?

Nuker Reply #8, 5 years, 9 months ago

If a user types ./index.php?id=24blablabla in the address field, they get an error message about a NaN resource.

Maybe this code is right? Then the user only gets a 404 page.

      /*cut*/
      if(!is_numeric($_REQUEST['id'])) {
        $docIdentifier= 0;   // document 0 does not exist, so MODx serves its 404 page
      /*paste*/

sottwell Reply #9, 5 years, 9 months ago

    I just set it to return to the home page. No fuss, no bother.
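As an added example (not MODx's own code and not the patch in Reply #1), the following stand-alone PHP models the "id" branch of the patched getDocumentIdentifier() together with the two alternatives for a non-numeric id raised in Replies #8 and #9. The function names, the constructed $request array and sample ids, and the exception standing in for messageQuit() are all assumptions made here; the "alias" branch ($this->db->escape()) is left out. It also shows a caveat the thread does not mention: is_numeric() accepts decimals, signs, leading whitespace and exponent notation, which intval() then maps onto some other document id, whereas a digits-only check rejects them outright.

```php
<?php
// Added example, not MODx code: a stand-alone model of the id branch of the
// patched getDocumentIdentifier() from Reply #1, plus the two fallbacks
// discussed in Replies #8 and #9. Names, the $request array and the sample
// ids below are constructed for illustration; in MODx the values come from
// $this->config['site_start'] and $_REQUEST, and messageQuit() aborts the page.

declare(strict_types=1);

const MODE_ERROR = 'error'; // Reply #1: abort with "ID passed in request is NaN!"
const MODE_404   = '404';   // Reply #8: docIdentifier = 0, no such document -> 404 page
const MODE_HOME  = 'home';  // Reply #9: fall back to the site start page

/** The check exactly as patched: is_numeric() gate, then intval(). */
function idPerPatch(string $raw): ?int
{
    return is_numeric($raw) ? intval($raw) : null;
}

/**
 * A stricter variant (assumption: MODx document ids are unsigned decimal
 * integers): only digits are accepted, so values that is_numeric() lets
 * through but intval() then reinterprets ("24.9", " 24", "-5", "1e3") are
 * rejected instead of being silently mapped onto another document.
 */
function idStrict(string $raw): ?int
{
    return ($raw !== '' && ctype_digit($raw)) ? (int) $raw : null;
}

/**
 * Resolve the document id for the "id" retrieval method.
 * @throws InvalidArgumentException in MODE_ERROR, standing in for messageQuit().
 */
function resolveDocumentId(array $request, int $siteStart, string $mode): int
{
    if (!isset($request['id'])) {
        return $siteStart;            // no id at all: same default as the patch
    }
    $id = idStrict((string) $request['id']);
    if ($id !== null) {
        return $id;
    }
    switch ($mode) {
        case MODE_404:
            return 0;                 // Reply #8: document 0 does not exist
        case MODE_HOME:
            return $siteStart;        // Reply #9: back to the home page
        default:
            throw new InvalidArgumentException('ID passed in request is NaN!');
    }
}

// Constructed sample ids (not from any real log), including the one from
// Reply #8 and an injection attempt. Both checks turn every input into either
// an int or null, so a query never sees attacker-controlled text; they differ
// only in what they accept. ("1e3" is 1000 under intval() on PHP 7.1+, 1 on
// older releases.)
$samples = ['24', '24blablabla', '24.9', ' 24', '-5', '1e3', "24' OR '1'='1"];
printf("%-18s %-8s %s\n", 'raw id', 'patch', 'strict');
foreach ($samples as $raw) {
    printf("%-18s %-8s %s\n",
        var_export($raw, true),
        var_export(idPerPatch($raw), true),
        var_export(idStrict($raw), true));
}

// The three ways of handling Reply #8's "?id=24blablabla" (site_start = 1).
foreach ([MODE_ERROR, MODE_404, MODE_HOME] as $mode) {
    try {
        printf("%-6s -> %d\n", $mode, resolveDocumentId(['id' => '24blablabla'], 1, $mode));
    } catch (InvalidArgumentException $e) {
        printf("%-6s -> %s\n", $mode, $e->getMessage());
    }
}
```

Run it with `php example.php`. For `?id=24blablabla` the patched behaviour aborts with the NaN message, Reply #8's variant yields document 0 (which MODx cannot find, hence the 404 page), and Reply #9's variant yields the site start page. Whichever fallback is chosen, the property that matters in the patch is kept: only an integer ever reaches the database for the "id" method.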

axiome Reply #10, 5 years, 9 months ago

Does this bug exist in the special version for free.fr (ModX v0.9.O_Free_Edition)?