Undefined index in cron_runner

hi,

in my debug log, I can see that
{17190:Wed, 24 Jan 2018 01:35:07 GMT} Zenphoto v1.4.14 NOTICE: Undefined index: link in /home/avbo7291/public_html/zenphoto/zp-core/cron_runner.php on line 16 {26594:Sun, 28 Jan 2018 22:21:34 GMT} NOTICE: Undefined index: link in /home/avbo7291/public_html/zenphoto/zp-core/cron_runner.php on line 16

and in the same time I can see in my security log:
2018-01-24 02:35:07 65.55.210.73 Admin access Failed /zp-core/cron_runner.php 2018-01-28 23:21:34 199.30.24.102 Admin access Failed /zp-core/cron_runner.php

any explanations of that log?

in fact, in actual code of cron_runner.php, I can see (1st line is line 16):
[...] $link = sanitize($_POST['link']); if (isset($_POST['auth'])) { $auth = sanitize($_POST['auth']); $admin = $_zp_authority->getMasterUser(); if (sha1($link . serialize($admin)) == $auth && $admin->getRights()) { $_zp_current_admin_obj = $admin; $_zp_loggedin = $admin->getRights(); } }

and there is no test if $_POST['link'] is set or not

Comments

  • acrylian Administrator

    I have no idea about why the message appears. The db backup tool uses this for example. It might very well be an attempt by someone to do something unwanted.

    I have added index check for "link" it to the support build

Sign In or Register to comment.