Errors of the version 1.30.1

Write about issues that you have found.

Moderators: Koduc, Xpycm

Forum rules
Pay attention! Forum is not a means for guaranteed support of clients and users. An answer as well as a quick answer is not supposed on the forum. We post messages as soon as possible.

The message limit on the forum is 3 messages per day.
If you want to say "thank you" then use the function "Give good reputation point", which is a green icon "plus" under the nickname of the person, who answered the message.

Errors of the version 1.30.1

Postby support » 30 Aug 2019, 20:58

Errors of the version 1.30.1
support
Citizen
Citizen
 
Posts: 117
Joined: 28 Dec 2011, 13:14
Reputation point: 0

Re: Errors of the version 1.30.1

Postby support » 12 Sep 2019, 13:50

Improvements for system security

1) Open the file
protected / modules / apartments / controllers / backend / MainController.php.
In the method actionUpdate instead:
Code: Select all
HApartment::saveOther($this->_model); 


insert:
Code: Select all

if 
($this->_model->validate()) {
HApartment::saveOther($this->_model);


Open the file
protected / modules / userads / controllers / MainController.php.
In the method actionUpdate instead:
Code: Select all
HApartment::saveOther($model); 


insert:
Code: Select all

if 
($model->validate()) {
HApartment::saveOther($model);
}
 


2) Open the file protected / helpers / HSite.php
In the method allowUploadAndResizeImage
after the line:
Code: Select all
if ($imagePath && file_exists($imagePath)) 


insert:
Code: Select all
$allowedExtensions = param('allowedImgExtensions', array('jpg', 'jpeg', 'gif', 'png'));
$allowMimeTypes = param('allowedImgMimeTypes', array('image/gif', 'image/jpeg', 'image/png'));

$pathInfo = pathinfo($imagePath);
if (!in_array(strtolower($pathInfo['extension']), $allowedExtensions)) {
return $return;
}

$fileInfo = (function_exists('finfo_open')) ? finfo_open(FILEINFO_MIME_TYPE) : null;
if ($fileInfo && !in_array(finfo_file($fileInfo, $imagePath), $allowMimeTypes)) {
return $return;


3) If you use the apache, place the .htaccess file with the following contents in the uploads directory:
Code: Select all
RemoveHandler .cgi .pl .py .pyc .pyo .phtml .php .php3 .php4 .php5 .php6 .pcgi .pcgi3 .pcgi4 .pcgi5 .pchi6 .inc
RemoveType 
.cgi .pl .py .pyc .pyo .phtml .php .php3 .php4 .php5 .php6 .pcgi .pcgi3 .pcgi4 .pcgi5 .pchi6 .inc
Sethandler none
Sethandler default
-handler


if you use nginx, in the config file add the following lines
Code: Select all
location ~ ^/uploads/.*\.(php|pl|py|pyc|pyo|cgi|phtml|inc|pcgi)$ {
deny all;
}


note: don't forget to run the command:

service nginx reload
support
Citizen
Citizen
 
Posts: 117
Joined: 28 Dec 2011, 13:14
Reputation point: 0


Return to Issues

Who is online

Users browsing this forum: No registered users and 1 guest

cron