Jump to content
doekia

[SECURITE] SPAM Customer Account : solution [1.3 -> 1.5]

By doekia , in General topics

Recommended Posts

doekia    1,265

doekia
Posted

within your class classes/Validate.php - either in the native code, or into an override, add this function 

    public static function isCustomerName($name)
    {
        if (preg_match(Tools::cleanNonUnicodeSupport('/www|http/ui'),$name))
           return false;

        return preg_match(Tools::cleanNonUnicodeSupport('/^[^0-9!\[\]<>,;?=+()@#"°{}_$%:\/\\\*\^]*$/u'), $name);
    }

Then modify inside classes/Customer.php 

            'lastname' =>                    array('type' => self::TYPE_STRING, 'validate' => 'isName', 'required' => true, 'size' => 32),
            'firstname' =>                    array('type' => self::TYPE_STRING, 'validate' => 'isName', 'required' => true, 'size' => 32),

by 

            'lastname' =>                    array('type' => self::TYPE_STRING, 'validate' => 'isCustomerName', 'required' => true, 'size' => 32),
            'firstname' =>                    array('type' => self::TYPE_STRING, 'validate' => 'isCustomerName', 'required' => true, 'size' => 32),

 

A script to automate the fix https://area51.enter-solutions.com/snippets/122

For 1.3 and 1.4 the code is here:

 

Buy Me a Coffee at ko-fi.com

  • Like 9
  • Thanks 16

Share this post

Link to post
Share on other sites

doekia    1,265

doekia
Posted

Same applies to 1.4 - 1.3

La même chose s'applique au 1.4 et 1.3

Customer.php replace 

        protected $fieldsValidate = array('secure_key' => 'isMd5', 'lastname' => 'isName', 'firstname' => 'isName', 'email' => 'isEmail', 'passwd' => 'isPasswd',
                 'id_gender' => 'isUnsignedId', 'birthday' => 'isBirthDate', 'newsletter' => 'isBool', 'optin' => 'isBool', 'active' => 'isBool', 'note' => 'isCleanHtml', 'is_guest' => 'isBool');
        protected $exclude_copy_post = array('secure_key', 'active', 'date_add', 'date_upd', 'last_passwd_gen', 'newsletter_date_add', 'id_default_group', 'ip_registration_newsletter', 'note', 'is_guest', 'deleted');

by 

        protected $fieldsValidate = array('secure_key' => 'isMd5', 'lastname' => 'isCustomerName', 'firstname' => 'isCustomerName', 'email' => 'isEmail', 'passwd' => 'isPasswd',
                 'id_gender' => 'isUnsignedId', 'birthday' => 'isBirthDate', 'newsletter' => 'isBool', 'optin' => 'isBool', 'active' => 'isBool', 'note' => 'isCleanHtml', 'is_guest' => 'isBool');
        protected $exclude_copy_post = array('secure_key', 'active', 'date_add', 'date_upd', 'last_passwd_gen', 'newsletter_date_add', 'id_default_group', 'ip_registration_newsletter', 'note', 'is_guest', 'deleted');

 

Validate.php mainly identical patch: 

    public static function isCustomerName($name)
    {
        if (preg_match('/www|http/ui',$name)) {
        	return false;
        }

        return preg_match('/^[^0-9!\[\]<>,;?=+()@#"°{}_$%:\/\\\*\^]*$/u', $name);
    }

 

Share this post

Link to post
Share on other sites

selectshop.at    1,328

selectshop.at
Posted

This problem is already solved by Prestashop. Patches are available for PS 1.6. and 1.7.. Please update your stores with latest patch by using the 1-click-module.

Share this post

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Go To Topic Listing General topics
×

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More

  I accept