View Issue Details

Jump to NotesJump to HistorySearch commits
IDProjectCategoryView StatusDate SubmittedLast Update
0005814Composrerrorlogpublic2024-07-29 17:162024-07-29 18:03
ReporterPatrick SchmalstigAssigned ToPatrick Schmalstig 
SeverityMinor-bug 
Status resolvedResolutionfixed 
Product Version11.beta1 
Fixed in Version 
Summary0005814: Possibly no validation on disable_cron_hook
DescriptionThere might not be any validation happening on the disable_cron_hook type.

ZAP was able to attempt a database entry into cron_progression for an invalid c_hook.
TagsRoadmap: v11
Time estimation (hours)
Sponsorship open

Activities

admin

2024-07-29 17:16

administrator   ~0008988

Automated message: This issue was created using the Report Issue Wizard on the Composr homesite.

admin

2024-07-29 18:03

administrator   ~0008989

Automated response: Missing validation on cron hook configuration

There was no validation when enabling/disabling a cron hook, making it possible to inject bogus names as the ids into the database.

admin

2024-07-29 18:03

administrator   ~0008990

Fixed in Git commit 42b0a27414 (https://gitlab.com/composr-foundation/composr/commit/42b0a27414 - link will become active once code pushed to GitLab)

hotfix-5814, 2024-07-29 6pm.tar (30,720 bytes)

admin

2024-07-29 18:03

administrator   ~0008991

A hotfix (a TAR of files to upload) has been uploaded to this issue. Only apply this hotfix if you absolutely need it and cannot wait until the next release of Composr (releases are more reliable and strictly tested). As of Composr version 11, the recommended way to apply a hotfix is by following the same steps as an upgrade (https://baseurl/upgrader.php, use the hotfix on the step “Transfer across new/updated files”). The upgrader will automatically skip files belonging to addons you do not have installed or that are newer on disk than in the hotfix. Otherwise, you can manually extract and replace these files (do not replace if your on-disk file is newer than the one in the hotfix). Always take backups of your site or at least files you are replacing before applying a hotfix. Not sure how to extract TAR files to your Windows computer? Try 7-zip (http://www.7-zip.org/).

Issue History

Date Modified Username Field Change
2024-07-29 17:16 Patrick Schmalstig Tag Attached: Roadmap: v11