sethjohnson1 / conflist5

Conflist cakePHP5

Deal with NotFound better? #29

Closed sethjohnson1 closed 3 weeks ago

sethjohnson1 commented 3 weeks ago

Missing controller errors for hacking attempts, wildcard in routes.php perhaps?

example:

Request URL: /wp-includes/block-patterns/themes.php
Client IP: *******
2024-09-25 20:27:54 error: [Cake\Http\Exception\MissingControllerException] Controller class 'WpIncludes' could not be found. in vendor/cakephp/cakephp/src/Controller/ControllerFactory.php on line 335
Stack Trace:

sethjohnson1 commented 3 weeks ago

I disabled the config/routes.php $builder->fallbacks()

Below is just FYI; I will grep around soon and fix others.

The only thing is URL builders will need to be updated to proper syntax. Params after the URL like this:

echo $this->Html->link( 'Arithmetic Geometry', array('controller'=>'Conferences','ag-nt'));

instead of this

echo $this->Html->link('Arithmetic Geometry', array('controller'=>'Conferences','action'=>'ag-nt'));

(there is no action with that name, and with fallbacks disabled it throws an error)

And for file extensions like ics, there is a _ext key:

echo $this->Html->link('iCalendar .ics', array('action'=>'view',$conference['id'],'_ext'=>'ics'), array('escape' => false,'class'=>'ics button'));

Lastly, for actions that do not accept a param, just tack anything else on the end:

echo $this->Html->link('json and xml interfaces', array('action'=>'about','#'=>'xml_json_about'));

sethjohnson1 commented 3 weeks ago

Ah OK, I think we can leave the fallbacks enabled. I added a check of the tagstring and unsupported file extensions. Should be fine now.
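
One way a tag string and file extension check like the one mentioned in the comment above could look, as an added example that is not part of the thread or of the conflist5 code. The tag pattern, the extension list and the function name rejectReason are assumptions; in a CakePHP action a non-null result would become a thrown Cake\Http\Exception\NotFoundException.

```php
<?php
declare(strict_types=1);

// Assumptions (not taken from conflist5): tag strings are lowercase
// alphanumeric tags joined by single hyphens, e.g. "ag-nt", and only
// the extensions listed here are ever rendered.
const SUPPORTED_EXTENSIONS = ['ics', 'json', 'xml'];
const TAGSTRING_PATTERN = '/\A[a-z0-9]+(?:-[a-z0-9]+)*\z/';
const TAGSTRING_MAX_LENGTH = 64;

/**
 * Returns null when the request may be served, otherwise a short reason
 * that can go into a 404 response and a single log line.
 */
function rejectReason(string $tagstring, ?string $ext): ?string
{
    // Extension first: probes such as "themes.php" are rejected without
    // the tag string being inspected at all.
    if ($ext !== null && !in_array(strtolower($ext), SUPPORTED_EXTENSIONS, true)) {
        return 'unsupported extension';
    }
    // Allowlist match on the whole string; the length cap bounds regex work.
    if (strlen($tagstring) > TAGSTRING_MAX_LENGTH
        || preg_match(TAGSTRING_PATTERN, $tagstring) !== 1) {
        return 'malformed tag string';
    }
    return null;
}

// Constructed sample inputs: the last URL segment as a user or a scanner
// might send it. None of these come from real traffic.
$samples = ['ag-nt', 'ag-nt.ics', 'themes.php', 'ag-nt.PHP', 'ag--nt', 'AG-NT.json'];

foreach ($samples as $segment) {
    // pathinfo() yields '' when there is no extension; treat that as "none".
    $ext = pathinfo($segment, PATHINFO_EXTENSION) ?: null;
    $tagstring = pathinfo($segment, PATHINFO_FILENAME);
    $reason = rejectReason($tagstring, $ext);
    printf("%-12s %s\n", $segment, $reason === null ? 'serve' : "404 ($reason)");
}
```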

nilesjohnson commented 3 weeks ago

Merged to main and pulled to production; works fine! I'm going to leave this for you to close in case you have something else you want to do.