Jump to content

[SECURITE] SPAM Customer Account : solution [1.3 -> 1.5]


doekia
 Share

Recommended Posts

Same applies to 1.4 - 1.3

La même chose s'applique au 1.4 et 1.3

Customer.php replace

        protected $fieldsValidate = array('secure_key' => 'isMd5', 'lastname' => 'isName', 'firstname' => 'isName', 'email' => 'isEmail', 'passwd' => 'isPasswd',
                 'id_gender' => 'isUnsignedId', 'birthday' => 'isBirthDate', 'newsletter' => 'isBool', 'optin' => 'isBool', 'active' => 'isBool', 'note' => 'isCleanHtml', 'is_guest' => 'isBool');
        protected $exclude_copy_post = array('secure_key', 'active', 'date_add', 'date_upd', 'last_passwd_gen', 'newsletter_date_add', 'id_default_group', 'ip_registration_newsletter', 'note', 'is_guest', 'deleted');

by

        protected $fieldsValidate = array('secure_key' => 'isMd5', 'lastname' => 'isCustomerName', 'firstname' => 'isCustomerName', 'email' => 'isEmail', 'passwd' => 'isPasswd',
                 'id_gender' => 'isUnsignedId', 'birthday' => 'isBirthDate', 'newsletter' => 'isBool', 'optin' => 'isBool', 'active' => 'isBool', 'note' => 'isCleanHtml', 'is_guest' => 'isBool');
        protected $exclude_copy_post = array('secure_key', 'active', 'date_add', 'date_upd', 'last_passwd_gen', 'newsletter_date_add', 'id_default_group', 'ip_registration_newsletter', 'note', 'is_guest', 'deleted');

 

Validate.php mainly identical patch:

    public static function isCustomerName($name)
    {
        if (preg_match('/www|http/ui',$name)) {
        	return false;
        }

        return preg_match('/^[^0-9!\[\]<>,;?=+()@#"°{}_$%:\/\\\*\^]*$/u', $name);
    }

 

Share this post


Link to post
Share on other sites

  • doekia changed the title to [SECURITE] SPAM Customer Account : solution [1.3 -> 1.7]
  • endriu107 pinned this topic
  • endriu107 locked this topic
  • selectshop.at unpinned this topic
Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More