0
Welcome Guest! Login
0 items Join Now

PregReplace.E in Rokcoomon library

    • VladimirZ's Avatar
    • VladimirZ
    • Jr. Rocketeer
    • Posts: 23
    • Thanks: 0

    PregReplace.E in Rokcoomon library

    Posted 5 years 8 months ago
    • I have just received security warning from my hosting provider that the file /docs/libraries/rokcommon/Doctrine/Adapter/Statement/Oracle.php looks suspicious and has PregReplace.E threat. They asked me to modify a code.
      Does anyone have the same problem? What oracle.php is responcible for?
      I am using Rokcommon Library 3.2.5
    • MrT's Avatar
    • MrT
    • Preeminent Rocketeer
    • Posts: 101084
    • Thanks: 13481
    • Web Designer/Developer

    Re: PregReplace.E in Rokcoomon library

    Posted 5 years 8 months ago
    • First of all I believe that is a false positive.

      What versions of roksprocket/rokgallery are you using too?

      What version of PHP are you using?

      Regards, Mark.
    • Please search forums before posting. Please make sure your post includes the version of the CMS you are using and a link to the problem. Annotations on screenshots can also be helpful to explain problems/goals. Please use the "secure" tab for confidential information.
    • VladimirZ's Avatar
    • VladimirZ
    • Jr. Rocketeer
    • Posts: 23
    • Thanks: 0

    Re: PregReplace.E in Rokcoomon library

    Posted 5 years 8 months ago
    • Mark, thank you for immediate reply.

      I am using RokGallery 2.42, RokSprocket 2.1.23 and PHP 7.0.24

      Best regards,
      Vladimir
    • MrT's Avatar
    • MrT
    • Preeminent Rocketeer
    • Posts: 101084
    • Thanks: 13481
    • Web Designer/Developer

    Re: PregReplace.E in Rokcoomon library

    Posted 5 years 8 months ago
    • I checked the code and it's perfectly valid - there is no threat there. We won't be changing that code. That is a false positive that your host has given you there.

      Regards, Mark.
    • Please search forums before posting. Please make sure your post includes the version of the CMS you are using and a link to the problem. Annotations on screenshots can also be helpful to explain problems/goals. Please use the "secure" tab for confidential information.
    • VladimirZ's Avatar
    • VladimirZ
    • Jr. Rocketeer
    • Posts: 23
    • Thanks: 0

    Re: PregReplace.E in Rokcoomon library

    Posted 5 years 8 months ago
    • I contacted with hosting support. They said that the reason is in using preg_replace() with /e modifier in line 506 of the code in /docs/libraries/rokcommon/Doctrine/Adapter/Statement/Oracle.php.
      They offer to change line
      $query = preg_replace("/(\?)/e", '":oci_b_var_". $bind_index++' , $query);

      with
      $query = preg_replace_callback("/(\?)/", function () use (&$bind_index) { return ":oci_b_var_".$bind_index++; }, $query);

      Is it correct?

      Best regards,
      Vladimir
    • MrT's Avatar
    • MrT
    • Preeminent Rocketeer
    • Posts: 101084
    • Thanks: 13481
    • Web Designer/Developer

    Re: PregReplace.E in Rokcoomon library

    Posted 5 years 8 months ago
    • I've no idea I'm afraid. Roksprocket has been the way it is for the past 10 years without any issue and no one else has reported an issue with this code during that timescale.

      I'll raise a bug ticket and have our DEVs comment on this - but I would add that it may be some considerable time before they can do so as they are very busy.

      Regards, Mark.
    • Please search forums before posting. Please make sure your post includes the version of the CMS you are using and a link to the problem. Annotations on screenshots can also be helpful to explain problems/goals. Please use the "secure" tab for confidential information.
    • MrT's Avatar
    • MrT
    • Preeminent Rocketeer
    • Posts: 101084
    • Thanks: 13481
    • Web Designer/Developer

    Re: PregReplace.E in Rokcoomon library

    Posted 5 years 8 months ago
    • This message contains only secure information that is visible to MrT, moderators and administrators
    • Please search forums before posting. Please make sure your post includes the version of the CMS you are using and a link to the problem. Annotations on screenshots can also be helpful to explain problems/goals. Please use the "secure" tab for confidential information.
    • VladimirZ's Avatar
    • VladimirZ
    • Jr. Rocketeer
    • Posts: 23
    • Thanks: 0

    Re: PregReplace.E in Rokcoomon library

    Posted 5 years 5 months ago
    • Mark, do you have any news from your DEVs?

      Best regards,
      Vladimir
    • MrT's Avatar
    • MrT
    • Preeminent Rocketeer
    • Posts: 101084
    • Thanks: 13481
    • Web Designer/Developer

    Re: PregReplace.E in Rokcoomon library

    Posted 5 years 5 months ago
    • No sorry the ticket is still open. When the devs have looked at it you will see a new release announced here http://www.rockettheme.com/product-updates - there is also an RSS feed there too that you can subscribe to.

      Regards, Mark.
    • Please search forums before posting. Please make sure your post includes the version of the CMS you are using and a link to the problem. Annotations on screenshots can also be helpful to explain problems/goals. Please use the "secure" tab for confidential information.

Time to create page: 0.055 seconds