Rowhelper crash config.xml
-
If in rowhelper element (input type, for example) will entered \1 or \2 or any other \xx string, then this will writed as non-printable CHR symbol with \xx code.
Look /usr/local/www/pkg_edit.php [144]// save rowhelper items. for($x=0; $x<99; $x++) { // XXX: this really should be passed from the form. // XXX: this really is not helping embedded platforms. foreach($fields['rowhelper']['rowhelperfield'] as $rowhelperfield) { if($firstfield == "") { $firstfield = $rowhelperfield['fieldname']; } else { if($firstfield == $rowhelperfield['fieldname']) $rows++; } $comd = "\$value = \$_POST['" . $rowhelperfield['fieldname'] . $x . "'];"; eval($comd); if($value <> "") { # bad code $comd = "\$pkgarr['row'][" . $x . "]['" . $rowhelperfield['fieldname'] . "'] = \"" . $value . "\";"; # //echo($comd . " "); # will executed here eval($comd); # myfix - change eval to real code $pkgarr['row']["$x"][$rowhelperfield['fieldname']] = $value; } } }
-
Solved