#268 \legacy\admin\menu.php with many undefined constants

2.1.8
open-accepted
nobody
Legacy (179)
5
2014-08-15
2010-04-28
Mikhail Miguel
No

1) \html\modules\legacy\admin\menu.php with many undefined constants!
2) related error message with full path disclosure vulnerability when accessing directly the file.

---

<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_MENU_ACTIONSEARCH - assumed '_MI_LEGACY_MENU_ACTIONSEARCH' in <b>\XXX\YYY\html\modules\legacy\admin\menu.php</b> on line <b>11</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_MENU_MODULELIST - assumed '_MI_LEGACY_MENU_MODULELIST' in <b>\XXX\YYY\html\modules\legacy\admin\menu.php</b> on line <b>15</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_KEYWORD_MODULELIST - assumed '_MI_LEGACY_KEYWORD_MODULELIST' in <b>\XXX\YYY\html\modules\legacy\admin\menu.php</b> on line <b>16</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_MENU_MODULEINSTALL - assumed '_MI_LEGACY_MENU_MODULEINSTALL' in <b>\XXX\YYY\html\modules\legacy\admin\menu.php</b> on line <b>20</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_KEYWORD_MODULEINSTALL - assumed '_MI_LEGACY_KEYWORD_MODULEINSTALL' in <b>\XXX\YYY\html\modules\legacy\admin\menu.php</b> on line <b>21</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_MENU_BLOCKLIST - assumed '_MI_LEGACY_MENU_BLOCKLIST' in <b>\XXX\YYY\html\modules\legacy\admin\menu.php</b> on line <b>25</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_KEYWORD_BLOCKLIST - assumed '_MI_LEGACY_KEYWORD_BLOCKLIST' in <b>\XXX\YYY\html\modules\legacy\admin\menu.php</b> on line <b>26</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_MENU_BLOCKINSTALL - assumed '_MI_LEGACY_MENU_BLOCKINSTALL' in <b>\XXX\YYY\html\modules\legacy\admin\menu.php</b> on line <b>30</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_KEYWORD_BLOCKINSTALL - assumed '_MI_LEGACY_KEYWORD_BLOCKINSTALL' in <b>\XXX\YYY\html\modules\legacy\admin\menu.php</b> on line <b>31</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_MENU_CREATE_SMILES - assumed '_MI_LEGACY_MENU_CREATE_SMILES' in <b>\XXX\YYY\html\modules\legacy\admin\menu.php</b> on line <b>35</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_KEYWORD_CREATE_SMILES - assumed '_MI_LEGACY_KEYWORD_CREATE_SMILES' in <b>\XXX\YYY\html\modules\legacy\admin\menu.php</b> on line <b>37</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_MENU_SMILES_MANAGE - assumed '_MI_LEGACY_MENU_SMILES_MANAGE' in <b>\XXX\YYY\html\modules\legacy\admin\menu.php</b> on line <b>40</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_KEYWORD_SMILES_MANAGE - assumed '_MI_LEGACY_KEYWORD_SMILES_MANAGE' in <b>\XXX\YYY\html\modules\legacy\admin\menu.php</b> on line <b>41</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_MENU_COMMENT_MANAGE - assumed '_MI_LEGACY_MENU_COMMENT_MANAGE' in <b>\XXX\YYY\html\modules\legacy\admin\menu.php</b> on line <b>45</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_MENU_IMAGE_MANAGE - assumed '_MI_LEGACY_MENU_IMAGE_MANAGE' in <b>\XXX\YYY\html\modules\legacy\admin\menu.php</b> on line <b>49</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_MENU_THEME_MANAGE - assumed '_MI_LEGACY_MENU_THEME_MANAGE' in <b>\XXX\YYY\html\modules\legacy\admin\menu.php</b> on line <b>53</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_MENU_GENERAL_SETTINGS - assumed '_MI_LEGACY_MENU_GENERAL_SETTINGS' in <b>\XXX\YYY\html\modules\legacy\admin\menu.php</b> on line <b>57</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_LEGACY_MENU_XOOPS_CONFIG - assumed '_MI_LEGACY_MENU_XOOPS_CONFIG' in <b>\XXX\YYY\html\modules\legacy\admin\menu.php</b> on line <b>61</b><br />

Discussion

  • minahito
    minahito
    2010-05-09

    We need to add guard code.

     
  • minahito
    minahito
    2010-05-09

    • milestone: 903888 --> 2.1.8
    • status: open --> open-accepted
     
  • gigamaster
    gigamaster
    2012-07-24

    I've confirmed the fix. Closed.