juliyvchirkov

About juliyvchirkov

  • Birthday 05/21/1978

Profile Information

  • Location
    Kyiv, Ukraine
  • First Name
    Юлій Вікторович
  • Last Name
    Чирков

  1. jmsslider module also has critical security issue at ajax_jmsslider.php

     one can upload any file type with any extension thru POST request

         /modules/jmsslider/ajax_jmsslider.php?action=addLayer&id_slide=attari&data_type=image

     uploaded file is moved to /modules/jmsslider/views/img/layers/ folder

     sample log follows

         - - 02/Jan/2021:15:04:50 +0200 `POST /modules/jmsslider/ajax_jmsslider.php?action=addLayer&id_slide=attari&data_type=image` 200 /home/zalupa/htdocs/modules/jmsslider/ajax_jmsslider.php 140.453 4096 42.72%
         - - 02/Jan/2021:15:04:51 +0200 `GET /modules/jmsslider/views/img/layers/small.php` 200 /home/zalupa/htdocs/modules/jmsslider/views/img/layers/small.php 0.806 2048 0.00%

  2. afair when presta is running shop in ml env, to process things it applies current language of active visitor, not the language you're using in your shop backoffice or trying to apply w/ your script

     moreover, presta all the time is pedantically tracking the settings of each visitor, & it restores the «correct» language (i.e. the language chosen by visitor || applied in shop fe by default) as far as the core gets the control back from your module

     while developing some module you can easily & quickly retrieve visitor's language (along w/ bunch of other cool & useful things, btw) anytime you'll need to apply it in your code from Context object

     just init it once at the startpoint

         $context = Context::getContext();

     & then use when needed, like

         $langID = $this->context->language->id;

     or

         $customerID = $this->context->customer->id;

     et cetera

     in addition to my comment I'd also recommend to review the official developer's guide on Context object

     hope it helps

  3. malachiel, there's no reason to duplicate this nginx rule per language. the one block is enough

         location ~* "^/[a-z]{2}/index.php" {
             rewrite ^(.*)$ /index.php?$args last;
         }

     I've faced the same trouble this fall & been forced to code the solution above

     I've also included this block into my port of config to run presta 1.6 w/ nginx. the port is based on original settings & restrictions from prestashop bundle aimed at apache httpd, you're welcome to review & download or clone it at my github https://github.com/juliyvchirkov/nginx-prestashop/blob/master/fpm-prestashop.conf

     regards, juliy

  4. hi man, thanks a lot for the info in update — although it's 2016 & v1.6.1.4, the problem is still actual