|
|
Posted by Peter on 09/29/07 15:19
Hi,
Sorry for the long intro but I think I should mention this first:
My site is driven by Smarty, a php based framework.
One of the features of Smarty is that after dynamically building a page, it
can be cached and re-used always after it has been compiled once.
One day a found a file *.txt? on my webspace and go very worried ... how did
it get there ... so I did some searching and read about a problem with file
insertion in combination with register_globals = on.
I have re-written my (none-smarty) php scripts to not need register_globals
and since a while now register_globals = off
(PS. I have asked my site-admin to re-check this setting while I'm writing
this)
I have not found rogue files since BUT I notice from time to time that links
in my pages have changed. This is after I updated pages and cleared the
cache, so that all pages needed to be rebuild. As pages are built on a need
only basis, some of the lesser used pages get built days after and are not
checked by me. Once built they get cached, and used always, but some thugs
or whatever, manage to make the system cache badly built pages (with changed
links).
To the point:
The changed links in question are always to the "same" page but in another
folder (different language).
The created page link is then something like '/es/' . $from
Where $from is created as follows:
$link =
explode('/',$_SERVER['PHP_SELF'].$special_char.$_SERVER['QUERY_STRING']);
$from = $link[sizeof($link)-1];
This is code written by the original site designer and I'm not good enough
to figure this one out but I think the clue lies here ?
I think the "hooligans" are creating URLs such that the created $from
variable is not what it is supposed to be.
E.g. on page1.php
a link should be created that points to /es/page1.php
but sometimes I find that the link is /es/pb.txt?
or another *.txt? variant.
If you know what's going on please let me know. I'd love to understand the
details of it.
And secondly, probably more important, how to fix it.
Thanks
Peter
Navigation:
[Reply to this message]
|