Magento Forum

   
Magento 1.7.0.2 bug security issue
 
givemesoft
Jr. Member
 
Total Posts:  7
Joined:  2011-03-31
 

I’m facing an issue with a Magento 1.7.0.2. After some attempts the bug has disappear on my site so i can’t reproduce the bug.

However i can reproduce the bug on other site :

Bug Scenario :

1. Find a magento site (Tips : just search for ‘privacy-policy-cookie-restriction-mode’ on google grin
2. Under the list of product of a category Right click on a image product and choose Open in a new tab
3. Under the new tab remove the name of the image in the url and keep all the rest and press enter: http://sibi.fr/media/catalog/product/cache/2/small_image/185x/9df78eab33525d08d6e5fb8d27136e95/i/m/
4. The site will display the following error :

Fatal errorUncaught exception 'Exception' with message 'File '/home/einstein/public_html/media/catalog/product/cache/2/small_image/185x/9df78eab33525d08d6e5fb8d27136e95/i/m/' does not exists.' in /home/einstein/public_html/lib/Varien/File/Transfer/Adapter/Http.php:96 Stack trace#0 /home/einstein/public_html/get.php(205): Varien_File_Transfer_Adapter_Http->send('/home/einstein/pu...') #1 /home/einstein/public_html/get.php(165): sendFile('/home/einstein/pu...') #2 {main} thrown in /home/einstein/public_html/lib/Varien/File/Transfer/Adapter/Http.php on line 96

I consider this a security issue because nobody need to know the path : /home/einstein.....

According to you, what is the best way to fix it ? Just modify the .htaccess or make some change on the php code ?

PS: Note that after some attempts the bug disappear so it’s very difficult to find a fix for this bug ??

 
Magento Community Magento Community
Magento Community
Magento Community
 
givemesoft
Jr. Member
 
Total Posts:  7
Joined:  2011-03-31
 

I’ve find a workaround to fix the bug :

Just add the bellow line in your php.ini file

display_errors off

 
Magento Community Magento Community
Magento Community
Magento Community
 
BredaBeds
Jr. Member
 
Avatar
Total Posts:  2
Joined:  2012-02-01
Boise, Idaho
 

I had the same issue, but I modified get.php in the root directory. At the end of the file you’ll find a method called “sendFile”, you can modify it to this:

function sendFile($file)
{
    
if (file_exists($file) || is_readable($file)) {
        $transfer 
= new Varien_File_Transfer_Adapter_Http();
        
$transfer->send($file);
        exit;
    
}else{
        header
($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
        
header("Status: 404 Not Found");
        
$_SERVER['REDIRECT_STATUS'404;
    
}
}
This adds an else statement which will at least return a proper 404 header instead of throwing a PHP error. This doesn’t return or redirect to your 404 page though. Of course make a backup of the get.php file before changing anything.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Sindre|ProperHost
Mentor
 
Avatar
Total Posts:  1155
Joined:  2008-04-24
 

This is more of a server configuration error than Magento\’s fault. PHP error display should never be enabled by default on a production server. If PHP is configured to log errors to a file in the first place this should not be an issue.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
    Back to top