Kevin Walsh wrote:
Grant suppressed wrote:I noticed the following request in my logs and thought I'd mention it toyou guys:www.mydomain.com/cgi-bin/mycatalog/__SQLUSER__ It's the first hacking attempt I've seen that looks IC-specific. Is there anything I might want to check my system out for?I can verify the problem on a 5.0 system. I haven't looked at it on 5.1 yet, but I suspect that it'll be the same. Apply the following patch as an emergency fix. The real fix will either be the same, or something similar elsewhere. ---------------------------------------------------------------------- *** Page.pm 28 Mar 2004 20:29:39 -0000 2.17 --- Page.pm 28 Mar 2004 20:34:43 -0000 *************** *** 75,80 **** --- 75,81 ---- die ::get_locale_message(412, "Missing special page: %s\n", $name) unless defined $page; + $subject =~ s/_/_/g; $page =~ s#\[subject\]#$subject#ig; $Vend::PageInit = 0; interpolate_html($page, 1); ----------------------------------------------------------------------
I'm running a late 4.9.7 CVS version (with various patches from v5.0) and have confirmed that I do have this problem.
So I applied the suggested patch, checked that special_pages/missing.html is not using @@MV_PREV_PAGE@@, restarted IC, but the problem persists :(
I am planning an upgrade to 5.0 in the near future, but I don't really want to be forced into an upgrade now.
Does this patch rely on code that was fixed/added after 4.9.7? -- Jamie Neil | <suppressed> | 0870 7777 454 Versado I.T. Services Ltd. | http://versado.net/ | 0845 450 1254 _______________________________________________ interchange-users mailing list suppressed http://www.icdevgroup.org/mailman/listinfo/interchange-users
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.