SEC: Possible RCE when php module json off. +Warning in security page.

Laurent Destailleur
2024-07-12 01:43:53 +02:00
parent 263c1e5445
commit d3ebd3fbe7
3 changed files with 363 additions and 356 deletions


@@ -190,10 +190,10 @@ print '<br>';
print '<strong>JSON</strong>: ';
$loadedExtensions = array_map('strtolower', get_loaded_extensions(false));
$test = !in_array('json', $loadedExtensions);
if ($test) {
if ($test || function_exists('dol_json_decode')) {
print img_picto('', 'error').' '.$langs->trans("NotInstalled").' - '.$langs->trans("VulnerableToRCEAttack");
} else {
print img_picto('', 'tick').' '.$langs->trans("Available");
print img_picto('', 'tick').' '.$langs->trans("Available").' <span class="opacitymedium">(PHP native so not emulated, safe)</span>';
}
print '<br>';
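Review bot: The new condition `if ($test || function_exists('dol_json_decode'))` folds two different states into one message: when the json extension is loaded but the emulated decoder is still defined, the page prints `NotInstalled`, which does not tell the administrator what to fix. The check also appears to rely on the file that defines `dol_json_decode` having been included before this point, which the hunk does not show. If that holds, a comment such as `// dol_json_decode is only defined when the PHP emulation of json is active, which is the unsafe path` would record the assumption. On a point of style, the added `(PHP native so not emulated, safe)` text is a hard-coded English literal while the neighbouring messages go through `$langs->trans()`; a translation key would keep the page consistent. The surrounding page code continues outside the hunk.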