JEXEC security check - Githubissues

joomla-extensions / jedchecker

Joomla extension to check components, modules or plugins for possible problems for submission to the JED -> Translations: https://joomla.crowdin.com/joomla-official-extensions

38 stars 28 forks source link

JEXEC security check #197

Closed JeroenMoolenschot closed 1 year ago

JeroenMoolenschot commented 1 year ago

Extension: 15933 in JED

The JEXEC security check was not found in this file. /src/Library/StorageClass.php

Reply from developer: This is correct, there is no such check as it is a pure class with no dependencies (no use statements). Accessing the file directly does not produce any artefacts, i.e. nothing is printed to the browser even at the maximum error reporting level in PHP.

Is there a way to approve this check?

dryabov commented 1 year ago

Currently JEXEC check is required for all PHP files (except of 3rdparty independent libraries with its own GPL-compatible license file). See previous discussions: #75 and #164.

peterhulst commented 1 year ago

In some of my extensions the JEXEC check works perfect, but I have also extension in which the JEXEC-check does not detect that a JEXEC is missing (e.g. in an install_contentnotifier_script.php ). I can send you the extension. Regards, Peter

dryabov commented 1 year ago

Yes, send it to denis.ryabov(at)community.joomla.org, I'll check.

peterhulst commented 1 year ago

I have sent you an example (two days ago).

dryabov commented 1 year ago

@peterhulst Thank you! (I've just found your email in the spam folder)

dryabov commented 1 year ago

@peterhulst Fixed in PR #216.