Oct 292016

Author

A critical security bug in Total.js Eshop + CMS

We have found a critical security bug in FileHandler, this blog contains instructions how to secure your websites.

A critical security bug in Total.js Eshop + CMS

We are really sorry, but this is life. Sometimes we are teachers and sometimes we are students. We found a critical security bug in Total.js Eshop and CMS yesterday. Please follow the instructions below:

first reinstall Total.js to +v2.2.0 (npm install total.js)
check your source-code:

Open yourapp/controllers/default.js and find a file_read function and modify it as shown below:

function file_read() {

    // ...
    // ...
    // ...

    if (req.query.s)
        req.uri.pathname = req.uri.pathname.replace('.', req.query.s + '.');

    // ...
    // ...
    // ...

    // Image processing
    res.image(filename, function(image) {
        image.output(req.extension);
        req.extension === 'jpg' && image.quality(85);
        image.resize(req.query.s + '%');
        image.minify();
    });

    // ...
    // ...
}

FIX:

function file_read() {

    // ...
    // ...
    // ...

    // THIS IS NEW:
    var size;

    if (req.query.s) {
        // THIS IS NEW:
        size = req.query.s.parseInt();
        req.uri.pathname = req.uri.pathname.replace('.', size + '.');
    }

    // ...
    // ...
    // ...

    // Image processing
    res.image(filename, function(image) {
        image.output(req.extension);
        req.extension === 'jpg' && image.quality(85);
        // THIS IS NEW (this was a critical bug):
        size && image.resize(size + '%');
        image.minify();
    });

    // ...
    // ...
}

Do you have any questions? Contact use via our HelpDesk system.

We apologize for the inconvenience.

A critical security bug in Total.js Eshop + CMS

Other posts from Total.js Platform