A critical security bug in Total.js Eshop + CMS
We are really sorry, but this is life. Sometimes we are teachers and sometimes we are students. We found a critical security bug in Total.js Eshop and CMS yesterday. Please follow the instructions below:
- first reinstall Total.js to +v2.2.0 (
npm install total.js)
- check your source-code:
Open yourapp/controllers/default.js and find a file_read function and modify it as shown below:
function file_read() {
// ...
// ...
// ...
if (req.query.s)
req.uri.pathname = req.uri.pathname.replace('.', req.query.s + '.');
// ...
// ...
// ...
// Image processing
res.image(filename, function(image) {
image.output(req.extension);
req.extension === 'jpg' && image.quality(85);
image.resize(req.query.s + '%');
image.minify();
});
// ...
// ...
}
FIX:
function file_read() {
// ...
// ...
// ...
// THIS IS NEW:
var size;
if (req.query.s) {
// THIS IS NEW:
size = req.query.s.parseInt();
req.uri.pathname = req.uri.pathname.replace('.', size + '.');
}
// ...
// ...
// ...
// Image processing
res.image(filename, function(image) {
image.output(req.extension);
req.extension === 'jpg' && image.quality(85);
// THIS IS NEW (this was a critical bug):
size && image.resize(size + '%');
image.minify();
});
// ...
// ...
}
Do you have any questions? Contact use via our HelpDesk system.
We apologize for the inconvenience.
