#267 \legacy\xoops_version.php with many undefined constants

2.1.8
open-accepted
minahito
Legacy (179)
5
2014-08-01
2010-04-28
Mikhail Miguel
No

1) \html\modules\legacy\xoops_version.php with many many undefined constants!
2) related error message with full path disclosure vulnerability when accessing directly the file.

---

<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_NAME - assumed '_MI_LEGACY_NAME' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>11</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_NAME_DESC - assumed '_MI_LEGACY_NAME_DESC' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>13</b><br />
<br />
<b>Notice</b>: Use of undefined constant XOOPS_LEGACY_PATH - assumed 'XOOPS_LEGACY_PATH' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>25</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_BLOCK_USERMENU_NAME - assumed '_MI_LEGACY_BLOCK_USERMENU_NAME' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>136</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_BLOCK_USERMENU_DESC - assumed '_MI_LEGACY_BLOCK_USERMENU_DESC' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>137</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_BLOCK_MAINMENU_NAME - assumed '_MI_LEGACY_BLOCK_MAINMENU_NAME' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>145</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_BLOCK_MAINMENU_DESC - assumed '_MI_LEGACY_BLOCK_MAINMENU_DESC' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>146</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_BLOCK_SEARCH_NAME - assumed '_MI_LEGACY_BLOCK_SEARCH_NAME' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>154</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_BLOCK_SEARCH_DESC - assumed '_MI_LEGACY_BLOCK_SEARCH_DESC' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>155</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_BLOCK_WAITING_NAME - assumed '_MI_LEGACY_BLOCK_WAITING_NAME' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>162</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_BLOCK_WAITING_DESC - assumed '_MI_LEGACY_BLOCK_WAITING_DESC' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>163</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_BLOCK_SITEINFO_NAME - assumed '_MI_LEGACY_BLOCK_SITEINFO_NAME' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>169</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_BLOCK_SITEINFO_DESC - assumed '_MI_LEGACY_BLOCK_SITEINFO_DESC' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>170</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_BLOCK_COMMENTS_NAME - assumed '_MI_LEGACY_BLOCK_COMMENTS_NAME' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>179</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_BLOCK_COMMENTS_DESC - assumed '_MI_LEGACY_BLOCK_COMMENTS_DESC' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>180</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_BLOCK_NOTIFICATION_NAME - assumed '_MI_LEGACY_BLOCK_NOTIFICATION_NAME' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>189</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_BLOCK_NOTIFICATION_DESC - assumed '_MI_LEGACY_BLOCK_NOTIFICATION_DESC' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>190</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_BLOCK_THEMES_NAME - assumed '_MI_LEGACY_BLOCK_THEMES_NAME' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>196</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_BLOCK_THEMES_DESC - assumed '_MI_LEGACY_BLOCK_THEMES_DESC' in <b>\XXX\YYY\html\modules\legacy\xoops_version.php</b> on line <b>197</b><br />

Discussion

  • minahito
    minahito
    2010-05-09

    • milestone: 903888 --> 2.1.8
    • assigned_to: nobody --> minahito
    • status: open --> open-accepted
     
  • minahito
    minahito
    2010-05-09

    We need to add guard code.

     
  • gigamaster
    gigamaster
    2012-07-24

    I've confirmed the fix. Closed.

     
  • gigamaster
    gigamaster
    2012-07-24

    I've confirmed the fix. Closed.