Topic Information
Vera
Description
Sometimes, if your shop was compromised once, a hacker can leave behind a 'back door' script in your admin panel that will allow a repeated attack. It's highly dangerous and hard to track down.
 
Solution
To prevent this problem, it's recommended to disable the ability to run PHP code on product pages. To do this, please download the patch:
http://www.viart.com/downloads/common_functions-4.1.zip
 
Extract 'common_functions.php' into the 'includes' folder of your shop, replacing the existing file. Please do not forget to make a backup copy of the current file in case something goes wrong.
 
 
 
 
Webbia
If you, just like me, want to add this patch to a previous version, I can report that the only difference that I can find in this file compared to the default one is that the content of the function eval_php_code has been commented out, like this:
 
function eval_php_code(&$block_body)
{
    /* NOTE: this code is a potential security threat as it allows to run any scripts from admin panel
    if (preg_match_all("/(<\?php|<\?)(.*)\?>/Uis", $block_body, $matches)) {
        for ($p = 0; $p < sizeof($matches[0]); $p++) {
            ob_start();
            eval($matches[2][$p]);
            $output = ob_get_contents();
            ob_end_clean();
            $block_body = str_replace($matches[0][$p], $output, $block_body);
        }
    }//*/
}
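
An audit sketch for the situation this thread describes, added here as an example; it is not part of either post and is not ViArt code. It reuses the pattern from eval_php_code to list stored content that the unpatched function would have executed, and uses PHP's tokenizer to confirm that the function no longer contains a live eval. The helper names find_embedded_php and function_has_live_eval and all sample data are assumptions made for illustration.

```php
<?php
// Added example (not ViArt code); helper names and sample data are constructed.
// Same pattern the unpatched eval_php_code() used to pick out PHP blocks.
const PHP_BLOCK_RE = "/(<\?php|<\?)(.*)\?>/Uis";

// Return [id => [code, ...]] for stored content the old function would have eval()'d.
function find_embedded_php(array $blocks): array
{
    $hits = [];
    foreach ($blocks as $id => $body) {
        if (preg_match_all(PHP_BLOCK_RE, $body, $m)) {
            $hits[$id] = array_map('trim', $m[2]);
        }
    }
    return $hits;
}

// True if function $name in $source still has a live eval. Commented-out code
// arrives as T_COMMENT tokens and is skipped, so the patched file gives false.
function function_has_live_eval(string $source, string $name): bool
{
    $state = 0; $depth = 0; // 0 = searching, 1 = after "function", 2 = header, 3 = body
    foreach (token_get_all($source) as $t) {
        $id = is_array($t) ? $t[0] : $t;
        if ($id === T_WHITESPACE || $id === T_COMMENT || $id === T_DOC_COMMENT) { continue; }
        if ($state === 0) {
            if ($id === T_FUNCTION) { $state = 1; }
        } elseif ($state === 1) {
            $state = ($id === T_STRING && strcasecmp($t[1], $name) === 0) ? 2 : 0;
        } elseif ($state === 2) {
            if ($id === '{') { $state = 3; $depth = 1; }
        } elseif ($id === T_EVAL) {
            return true;
        } elseif ($id === '{' || $id === T_CURLY_OPEN || $id === T_DOLLAR_OPEN_CURLY_BRACES) {
            $depth++;
        } elseif ($id === '}' && --$depth === 0) {
            return false;
        }
    }
    return false;
}

// Constructed sample rows standing in for content editable from the admin panel.
$blocks = ['product_12'     => '<p>Plain description</p>',
           'custom_block_3' => 'Year: <?php echo date("Y"); ?>'];
print_r(find_embedded_php($blocks));
$live    = '<?php function eval_php_code(&$b) { eval($b); }';
$patched = '<?php function eval_php_code(&$b) { /* eval($b); */ }';
var_dump(function_has_live_eval($live, 'eval_php_code'), function_has_live_eval($patched, 'eval_php_code'));
```

To check a real installation, pass the contents of 'includes/common_functions.php' as $source and feed find_embedded_php the content rows exported from your shop's database.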