Undefined index: path (version 1.9.1)

  • Resolved spottedpaint

    (@spottedpaint)


    3 years, 4 months ago

    Hi,

    There seems to be a new error in version 1.9.1
    Sometimes $request[‘path’] is undefined on line 541;

    An example url that triggered the error is
    https://example.com//mirasvit_adminer_425.php

    I think its the double // after the domain name. “mirasvit_adminer_425.php” does not exist on the server.

    The website is being pounded by people guessing logins with made up urls like this. So its probably not natural traffic.

    I’ve fixed it by adding an isset on the index at line 541

    			if ( ! is_user_logged_in() && isset($request['path']) && $request['path'] === '/wp-admin/options.php' ) {
				header('Location: ' . $this->new_redirect_url() );
				die;
			}
Viewing 2 replies - 1 through 2 (of 2 total)
  • Anonymous User 17880307

    (@anonymized-17880307)

    See https://www.ads-software.com/support/topic/php-wanring-errors/#post-15078234, warnings and notices are not actual errors. The code still works, PHP just warns or notifies about the missing isset-check.

    Mirasvit might be connected to the Magento 2 module developer and maybe they have used adminer in some cases and attackers are trying to exploit some outdated and insecure Magento 2 instances. Not sure, but this is not related to the login URL in general.

    • This reply was modified 3 years, 4 months ago by Anonymous User 17880307.
    Thread Starter spottedpaint

    (@spottedpaint)

    The main thing was to tell you about it. As long as your aware its up to you if you want to change your code or not.

    The mirasvit url is just an example to make it easier to reproduce.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Undefined index: path (version 1.9.1)’ is closed to new replies.