I have just received a security warning from my hosting provider that the file /docs/libraries/rokcommon/Doctrine/Adapter/Statement/Oracle.php looks suspicious and has a PregReplace.E threat. They asked me to modify the code.
Does anyone have the same problem? What is Oracle.php responsible for?
I am using Rokcommon Library 3.2.5
What versions of roksprocket/rokgallery are you using too?
What version of PHP are you using?
Regards, Mark.
Please search forums before posting. Please make sure your post includes the version of the CMS you are using and a link to the problem. Annotations on screenshots can also be helpful to explain problems/goals. Please use the "secure" tab for confidential information.
I checked the code and it's perfectly valid - there is no threat there. We won't be changing that code. That is a false positive that your host has given you there.
Regards, Mark.
I contacted hosting support. They said that the reason is the use of preg_replace() with the /e modifier in line 506 of the code in /docs/libraries/rokcommon/Doctrine/Adapter/Statement/Oracle.php.
They offer to change line
I've no idea, I'm afraid. Roksprocket has been the way it is for the past 10 years without any issue and no one else has reported an issue with this code during that timescale.
I'll raise a bug ticket and have our DEVs comment on this - but I would add that it may be some considerable time before they can do so as they are very busy.
Regards, Mark.
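To check a PregReplace.E alert like the one discussed above against the source itself, here is a small triage script, added as an example and not part of the original thread or of RocketTheme's code. It lists each preg_replace() call and reports whether its pattern literal carries the e modifier; the PHP sample is constructed for illustration and is not taken from Oracle.php.

```python
import re

# preg_replace( followed by either a quoted literal that is the whole first
# argument (next token is a comma) or anything else up to the first , or ).
CALL = re.compile(
    r"""\bpreg_replace\s*\(\s*(?:(['"])((?:\\.|(?!\1).)*)\1\s*(?=,)|([^,)]+))""",
    re.I | re.S)
PAIRED = {"(": ")", "[": "]", "{": "}", "<": ">"}  # PCRE bracket-style delimiters

def modifiers(pattern):
    """Return the modifier letters after the pattern's closing delimiter."""
    pattern = pattern.lstrip()
    if not pattern:
        return ""
    close = PAIRED.get(pattern[0], pattern[0])
    end = pattern.rfind(close)
    return pattern[end + 1:] if end > 0 else ""

def scan(source):
    """Return (line, verdict, first_argument) for every preg_replace call.

    eval   : literal pattern with the e modifier (replacement is evaluated as
             PHP on PHP < 7.0; the modifier was removed in PHP 7.0)
    ok     : literal pattern without the e modifier
    review : pattern is a variable or concatenation; needs a manual look
    Commented-out code is reported too, since this is a text scan.
    """
    findings = []
    for m in CALL.finditer(source):
        line = source.count("\n", 0, m.start()) + 1
        if m.group(2) is not None:
            verdict = "eval" if "e" in modifiers(m.group(2)) else "ok"
            findings.append((line, verdict, m.group(2)))
        else:
            findings.append((line, "review", m.group(3).strip()))
    return findings

# Constructed PHP sample (not the contents of Oracle.php).
SAMPLE = r'''<?php
$a = preg_replace('/(\w+)/e', 'strtoupper("\\1")', $s);
$b = preg_replace("#\s+#i", ' ', $s);
$c = preg_replace($pattern, $repl, $s);
$d = preg_replace_callback('/(\w+)/', function ($m) { return strtoupper($m[1]); }, $s);
'''

if __name__ == "__main__":
    for line, verdict, arg in scan(SAMPLE):
        print(f"line {line}: {verdict:6} {arg}")
```

An `eval` result only matters if the site runs a PHP version that still honours the modifier; the usual rewrite for such a call is preg_replace_callback().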
This message contains only secure information that is visible to MrT, moderators and administrators
No, sorry, the ticket is still open. When the devs have looked at it, you will see a new release announced here:
http://www.rockettheme.com/product-updates
- there is also an RSS feed there too that you can subscribe to.
Regards, Mark.