#269 modules\user\xoops_version.php with many undefined constants

2.1.8
open-accepted
minahito
user (52)
5
2014-08-26
2010-04-28
Mikhail Miguel
No

1) \html\modules\user\xoops_version.php with many undefined constants!
2) related error message with full path disclosure vulnerability when accessing directly the file.

---

<br />
<b>Notice</b>: Use of undefined constant _MI_USER_NAME - assumed '_MI_USER_NAME' in <b>\XXX\YYY\html\modules\user\xoops_version.php</b> on line <b>28</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_USER_NAME_DESC - assumed '_MI_USER_NAME_DESC' in <b>\XXX\YYY\html\modules\user\xoops_version.php</b> on line <b>30</b><br />
<br />
<b>Notice</b>: Use of undefined constant XOOPS_GROUP_ADMIN - assumed 'XOOPS_GROUP_ADMIN' in <b>\XXX\YYY\html\modules\user\xoops_version.php</b> on line <b>144</b><br />
<br />
<b>Notice</b>: Use of undefined constant XOOPS_GROUP_ADMIN - assumed 'XOOPS_GROUP_ADMIN' in <b>\XXX\YYY\html\modules\user\xoops_version.php</b> on line <b>162</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_USER_CONF_SELF_DELETE_CONFIRM_DEFAULT - assumed '_MI_USER_CONF_SELF_DELETE_CONFIRM_DEFAULT' in <b>\XXX\YYY\html\modules\user\xoops_version.php</b> on line <b>228</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_USER_CONF_DISCLAIMER_DESC_DEFAULT - assumed '_MI_USER_CONF_DISCLAIMER_DESC_DEFAULT' in <b>\XXX\YYY\html\modules\user\xoops_version.php</b> on line <b>264</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_USER_BLOCK_LOGIN_NAME - assumed '_MI_USER_BLOCK_LOGIN_NAME' in <b>\XXX\YYY\html\modules\user\xoops_version.php</b> on line <b>305</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_USER_BLOCK_LOGIN_DESC - assumed '_MI_USER_BLOCK_LOGIN_DESC' in <b>\XXX\YYY\html\modules\user\xoops_version.php</b> on line <b>306</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_USER_BLOCK_ONLINE_NAME - assumed '_MI_USER_BLOCK_ONLINE_NAME' in <b>\XXX\YYY\html\modules\user\xoops_version.php</b> on line <b>313</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_USER_BLOCK_ONLINE_DESC - assumed '_MI_USER_BLOCK_ONLINE_DESC' in <b>\XXX\YYY\html\modules\user\xoops_version.php</b> on line <b>314</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_USER_BLOCK_NEWUSERS_NAME - assumed '_MI_USER_BLOCK_NEWUSERS_NAME' in <b>\XXX\YYY\html\modules\user\xoops_version.php</b> on line <b>320</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_USER_BLOCK_NEWUSERS_DESC - assumed '_MI_USER_BLOCK_NEWUSERS_DESC' in <b>\XXX\YYY\html\modules\user\xoops_version.php</b> on line <b>321</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_USER_BLOCK_TOPUSERS_NAME - assumed '_MI_USER_BLOCK_TOPUSERS_NAME' in <b>\XXX\YYY\html\modules\user\xoops_version.php</b> on line <b>329</b><br />
<br />
<b>Notice</b>: Use of undefined constant _MI_USER_BLOCK_TOPUSERS_DESC - assumed '_MI_USER_BLOCK_TOPUSERS_DESC' in <b>\XXX\YYY\html\modules\user\xoops_version.php</b> on line <b>330</b><br />

Discussion

  • minahito
    minahito
    2010-05-09

    • milestone: 903888 --> 2.1.8
    • assigned_to: nobody --> minahito
    • status: open --> open-accepted
     
  • minahito
    minahito
    2010-05-09

    We need to add guard code.

     
  • gigamaster
    gigamaster
    2012-07-24

    I've confirmed the fix. Closed.