Change font size Change Width
Advanced Search
 

Joomla! Discussion Forums



It is currently Sun Nov 22, 2009 4:02 am (All times are UTC )

 

Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x

Forum rules

Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.



Post new topic Reply to topic  Page 1 of 1
  [ 4 posts ] 
  Print view Previous topic | Next topic 
Author Message
thegioiphatminh
Posted: Sat Oct 27, 2007 7:14 am 
User avatar
Joomla! Guru
Joomla! Guru
Offline

Joined: Mon Jan 23, 2006 1:32 am
Posts: 668
Location: VINAORA.COM
Error with com_search when you search string

"string++string" or "string+++string" (replace + by blank character). Example:

Code:
"a  a"


http://www.joomla.org/index.php?option= ... rd=a++a....

Image

[RussW] Removed hidden link to site....  Please do not hide promotional links to your own website in post/images.....

Flood ???

Joomla 1.5 RC3 or Joomla 1.0.13

Firefox 2.0.0.8 (addon: NoScript) or IE 7.0 (No Javascript)

_________________
.: http://vinaora.com :. Vinaora Visitors Counter, Vinaora World Time Clock

Joomla! Guides - Hướng dẫn cài đặt, cấu hình, bảo mật... Joomla!

Last edited by RussW on Sat Oct 27, 2007 7:35 am, edited 1 time in total.

Top
  E-mail  
 
thegioiphatminh
Posted: Sun Oct 28, 2007 5:37 am 
User avatar
Joomla! Guru
Joomla! Guru
Offline

Joined: Mon Jan 23, 2006 1:32 am
Posts: 668
Location: VINAORA.COM
SOLUTION:

http://physicist.phpnet.us/2007/05/28/j ... ch-glitch/

et’s come on a site joomla.org and click on the Search menu item. Now we enter text “test  test” for search (with three spaces between words!). As a result of the search the huge document with a lot of “” is received.

To get rid of this glitch, it is necessary in a file /components/com_search/search.php after a line

$searchword = strval( mosGetParam( $_REQUEST, 'searchword', '' ) );

(or, in older versions

$searchword = $database->getEscaped( trim( $searchword ) );

) add

$searchword = preg_replace( '/\s{2,}/s', ' ', $searchword );

It will allow to remove a series of spaces from the search query.

_________________
.: http://vinaora.com :. Vinaora Visitors Counter, Vinaora World Time Clock

Joomla! Guides - Hướng dẫn cài đặt, cấu hình, bảo mật... Joomla!

Top
  E-mail  
 
thegioiphatminh
 Post subject: FLOOD any Joomla sitte!
Posted: Tue Oct 30, 2007 6:45 am 
User avatar
Joomla! Guru
Joomla! Guru
Offline

Joined: Mon Jan 23, 2006 1:32 am
Posts: 668
Location: VINAORA.COM
Search Website Joomla! (1.0.x and 1.5) by "a a" or "a a a" or "a a a a" ...

Because this code (about line 177 in com_search/search.php)

Code:
<?php
foreach ($searchwords as $hlword) {
   $text = preg_replace( '/' . preg_quote( $hlword, '/' ) . '/i',
       '<span class="highlight">\0</span>', $text );
}

_________________
.: http://vinaora.com :. Vinaora Visitors Counter, Vinaora World Time Clock

Joomla! Guides - Hướng dẫn cài đặt, cấu hình, bảo mật... Joomla!

Last edited by thegioiphatminh on Tue Oct 30, 2007 6:48 am, edited 1 time in total.

Top
  E-mail  
 
jcisio
Posted: Tue Oct 30, 2007 3:54 pm 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast
Offline

Joined: Mon Apr 16, 2007 2:33 pm
Posts: 232
Firstly, this problem has no way degrading the performance of Joomla! as PHP/MySQL doesn't work harder.

Second, I think I have a short solution. Modification of components/com_search/search.php:

At about line 74, after
Code:
$searchword = strval( mosGetParam( $_REQUEST, 'searchword', '' ) );

add
Code:
$searchword = preg_replace('/[\s\.\\\+\*\?\[\^\]\$\(\)\{\}\=\!\<\>\|]+/', ' ', $searchword);


At about line 185, replace
Code:
foreach ($searchwords as $hlword) {
      $text = preg_replace( '/' . preg_quote( $hlword, '/' ) . '/i', '<span class="highlight">\0</span>', $text );
}

with
Code:
$text = preg_replace('!(' . implode($searchwords, '|') . ')!i', '<span class="highlight">\1</span>', $text);


The first one remove dirty space (which returns indesirable results), the second avoid looped "
It works for me (http://thongtincongnghe.com).

The com_search of Joomla is far from perfection.

_________________
http://www.thongtincongnghe.com/ - Thông tin công nghệ
Trang tin điện tử về CNTT, Điện tử, Viễn thông.

Last edited by jcisio on Tue Oct 30, 2007 4:01 pm, edited 1 time in total.

Top
  E-mail  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 4 posts ] 

Quick reply

 


Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x

Who is online

Users browsing this forum: No registered users and 7 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
 
 
 
 
 

© 2005-2009 Open Source Matters, Inc. All rights reserved. Joomla hosting by Rochen Ltd.