The simpler media website CMS
hi,
in my debug log, I can see that{17190:Wed, 24 Jan 2018 01:35:07 GMT} Zenphoto v1.4.14 NOTICE: Undefined index: link in /home/avbo7291/public_html/zenphoto/zp-core/cron_runner.php on line 16 {26594:Sun, 28 Jan 2018 22:21:34 GMT} NOTICE: Undefined index: link in /home/avbo7291/public_html/zenphoto/zp-core/cron_runner.php on line 16
and in the same time I can see in my security log:2018-01-24 02:35:07 65.55.210.73 Admin access Failed /zp-core/cron_runner.php 2018-01-28 23:21:34 199.30.24.102 Admin access Failed /zp-core/cron_runner.php
any explanations of that log?
in fact, in actual code of cron_runner.php, I can see (1st line is line 16):[...] $link = sanitize($_POST['link']); if (isset($_POST['auth'])) { $auth = sanitize($_POST['auth']); $admin = $_zp_authority->getMasterUser(); if (sha1($link . serialize($admin)) == $auth && $admin->getRights()) { $_zp_current_admin_obj = $admin; $_zp_loggedin = $admin->getRights(); } }
and there is no test if $_POST['link']
is set or not
Comments
I have no idea about why the message appears. The db backup tool uses this for example. It might very well be an attempt by someone to do something unwanted.
I have added index check for "link" it to the support build
comment to be deleted (error of me)
Allright ;-)