Answer the question
In order to leave comments, you need to log in
Virusdie vs preg_replace. Is there a virus?
Good day everyone!
I received a letter from the hoster saying that after scanning by Virusdie, you have detected the malicious code PregReplace.E.
It was found in three ways: /tmp/install_54ee9eb21856e/lib_rokcommon/Doctrine/Adapter/Statement/Oracle.php, /components/com_uddeim/includes.php
and
/libraries/rokcommon/Doctrine/Adapter/Statement/Oracle.php rokcommon:
/**
* Parse actual query from queryString and returns OCI statement handler
* @param string Query string to parse, if NULL, $this->queryString is used
*
* return resource OCI statement handler
*/
private function parseQuery($query =null)
{
if (is_null($query)) {
$query = $this->queryString;
}
$bind_index = 1;
// Replace ? bind-placeholders with :oci_b_var_ variables
$query = preg_replace("/(\?)/e", '":oci_b_var_". $bind_index++' , $query);
$this->statement = @oci_parse($this->connection, $query);
if ( $this->statement == false )
{
throw new Doctrine_Adapter_Exception($this->getOciError());
}
return $this->statement;
}
code from com_uddeim:
// $val = preg_replace('/<(.*?)>/ie', "'<' . preg_replace(array('/javascript:[^\"\']*/i', '/(" . implode('|', $aDisabledAttributes) . ")=[\"\'][^\"\']*[\"\']/i', '/\s+/'), array('', '', ' '), stripslashes('\\1')) . '>'", $val);
it is commented out, so it does not cause concern and, in principle, it can be deleted.
What about rockcommon? In principle, I cleaned tmp, it remains only in the libraries ..
Please tell me.
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question