VirtueMart Forum

VirtueMart 2 + 3 + 4 => Virtuemart Development and bug reports => Topic started by: bcohen0 on July 20, 2017, 06:01:08 AM

Title: unprotected strpos in administrator/components/com_virtuemart/models/product.php
Post by: bcohen0 on July 20, 2017, 06:01:08 AM
I have version 3.2.2.

On line 275, $orderBy was initialized to a space:

      $orderBy = ' ';


On line 613, there is the code:

if(strpos($orderBy,$field,6)!==FALSE){

I ended up on this line with $orderBy still being just an empty space and got several PHP warnings that the index of 6 was out of bounds, since it's in a loop.  I don't know why it's being initialized anyway, since it seems nothing is depending upon it having a leading space. Maybe it could just be initialized to null, and the strpos could check for that.

But I could be wrong, just thought I'd post it.


Title: Re: unprotected strpos in administrator/components/com_virtuemart/models/product.php
Post by: Milbo on August 02, 2017, 21:24:52 PM
Thank you, yes I added it for the next version.


$productLangFields = array('product_s_desc','product_desc','product_name','metadesc','metakey','slug');
if(!empty($orderBy)){
    foreach($productLangFields as $field){
        if(strpos($orderBy,$field,6)!==FALSE){
            $langFields[] = $field;
            $orderbyLangField = $field;
            $joinLang = true;
            break;
        }
    }
}
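
The warning in this thread comes from passing strpos() an offset beyond the end of the string, and PHP's empty() returns false for a single space, so the check that covers the value from the first post is a length comparison against the offset. This is an added example, not VirtueMart's code: findLangOrderField() is a hypothetical helper and the ORDER BY strings are constructed samples.

```php
<?php
/**
 * Return the first language field named in $orderBy at or after $offset,
 * or null when there is none. Never hands strpos() an out-of-range offset.
 * Hypothetical helper, not part of VirtueMart.
 */
function findLangOrderField(string $orderBy, array $fields, int $offset = 6): ?string
{
    // strpos() raises a warning on PHP 7 and a ValueError on PHP 8 when
    // $offset is greater than strlen($orderBy). If the string has nothing
    // past the offset, no field name can match, so stop here.
    if (strlen($orderBy) <= $offset) {
        return null;
    }
    foreach ($fields as $field) {
        if (strpos($orderBy, $field, $offset) !== false) {
            return $field;
        }
    }
    return null;
}

$productLangFields = array('product_s_desc', 'product_desc', 'product_name', 'metadesc', 'metakey', 'slug');

// Constructed sample values; only the single space comes from the report above.
$samples = array(
    ' ',                             // initial value from line 275
    '',                              // empty string
    ' ORDER BY l.product_name ASC',  // constructed clause naming a language field
    ' ORDER BY p.product_sku',       // constructed clause with no language field
);

foreach ($samples as $orderBy) {
    // The empty() column shows which inputs an emptiness test alone would let through.
    printf(
        "%-32s empty()=%-5s field=%s\n",
        var_export($orderBy, true),
        var_export(empty($orderBy), true),
        var_export(findLangOrderField($orderBy, $productLangFields), true)
    );
}
```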