Form2Content Forum

Questions and answers for Form2Content, a Joomla CCK.
  1. Sam M
  2. Form2Content Lite & Pro
  3. Tuesday, 12 December 2017
I use the https://myjoomla.com/ site management system.
It's very slick, and they constantly update their database with issues.

They have been flagging some F2C files as potentially malicious for a long time, but I've ignored it.
I'm submitting the info here for your consideration.

My hope is that you might be willing to communicate with them and resolve this false positive.
They work with a lot of Joomla sites, so it may be worthwhile for you to resolve this issue.

This is a list of files flagged by their system.
I realize this is in the smarty plugin, so all it may require is getting MyJoomla to whitelist the files.

/components/com_form2content/libraries/smarty/sysplugins/smarty_internal_function_call_handler.php
L48 eval($content);

/components/com_form2content/libraries/smarty/SmartyBC.class.php
L456 eval($content);

/components/com_form2content/libraries/smarty/plugins/block.php.php
L20 eval($content);
Responses (5)
Sam M
I've submitted the report to myJoomla.
  1. more than a month ago
  2. Form2Content Lite & Pro
  3. # 1
F2C webmaster
Hi Sam,

Thanks for letting us know!

Regards,
Patrick
Please read the F2C documentation before asking questions! Thank you if you've done so ;)
  1. more than a month ago
  2. Form2Content Lite & Pro
  3. # 2
Sam M
From MyJoomla:
"eval() use will ALWAYS be flagged - as eval is the most used and most dangerous php function.
We will not be changing that."

I suggested whitelisting the specific Smarty files or even the specific lines of code.

I have appreciated F2C over the years, and I don't want people to be concerned about using your extension.
  1. more than a month ago
  2. Form2Content Lite & Pro
  3. # 3
Julien
Hi Sam,

Yes, I understand why they flag these files, since eval is indeed a potentially dangerous function.
What they don't know is that the eval functionality can only be called by the template maker, who can choose whether to use or not use such a function.

Any idea how this whitelisting process works at myJoomla?

best,
Julien
  1. more than a month ago
  2. Form2Content Lite & Pro
  3. # 4
Sam M
I would suggest submitting a contact request.
I think it's better for your extension and their service if there are not false positives for their hack alerts.

I ignore them when related to F2C...which isn't good because there may be a time when something is compromised, and I overlook it....
  1. more than a month ago
  2. Form2Content Lite & Pro
  3. # 5
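
The per-file whitelisting suggested in this thread can be tied to a file hash, so that a reviewed eval() stays quiet while any later change to the same file alerts again. This is an added example, not code from MyJoomla, Form2Content or Smarty; the function names, the sample file body and the pinned hash are constructed for illustration.

```python
import hashlib
import re

# eval( as a bare call; skips ->eval( methods and longer names such as my_eval(.
# Line-based only: it does not parse PHP, so comments and strings also match.
EVAL_CALL = re.compile(r"(?<![\w>$])eval\s*\(")

def sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def find_eval(source):
    """Return the 1-based numbers of lines that contain an eval( call."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if EVAL_CALL.search(line)]

def triage(files, pinned):
    """files: path -> source text; pinned: path -> SHA-256 of the reviewed copy.
    A finding is suppressed only while the file still matches its pinned hash."""
    result = {"suppressed": [], "alert": []}
    for path, source in files.items():
        lines = find_eval(source)
        if lines:
            reviewed = pinned.get(path) == sha256(source)
            result["suppressed" if reviewed else "alert"].append((path, lines))
    return result

# Path is from the thread; the file body is a constructed stand-in, not Smarty's source.
BLOCK_PHP = "/components/com_form2content/libraries/smarty/plugins/block.php.php"
VENDOR = "<?php\nfunction smarty_block_php($params, $content) {\n    eval($content);\n}\n"
TAMPERED = VENDOR + "eval($extra);\n"   # constructed: any change breaks the pin
PINNED = {BLOCK_PHP: sha256(VENDOR)}

if __name__ == "__main__":
    print(triage({BLOCK_PHP: VENDOR}, PINNED))
    print(triage({BLOCK_PHP: TAMPERED}, PINNED))
```

The pin has to be refreshed from a trusted copy of the extension after each upgrade; otherwise the updated file alerts like any other change.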