0

this line of smarty_internal_templatebase.php: $output .= preg_replace('/(<%|%>|<\?php|<\?|\?>)/', "<?php echo '\$1'; ?>\n", $curr_split); is giving me the error: Compilation failed:missing ) at..

I think it has something to do with DIRECTORY_SEPARATOR ** like here: https://stackoverflow.com/questions/1142263/php-preg-replace-compilation-failed-missing The error is strange becouse the script is core Presta/Smarty script, so I quess it shouldn't be wrong.

So how to modify that line ta avoid that error? Would appreciate any help, Thank you

Shall I

preg_quote(DIRECTORY_SEPARATOR, '#');

with

preg_replace('/(<%|%>|<\?php|<\?|\?>)/', "<?php echo '\$1'; ?>\n", $curr_split)

Improve this question

1 Answer 1

Reset to default
0

OK - the Error was connected with Prestashop vulnerability discovered in 2022/07:

https://build.prestashop-project.org/news/2022/major-security-vulnerability-on-prestashop-websites/

According to our conversations with shop owners and developers, the recurring modus operandi looks like this -

  1. The attacker submits a POST request to the endpoint vulnerable to SQL injection.

  2. After approximately one second, the attacker submits a GET request to the homepage, with no parameters. This results in a PHP file called blm.php being created at the root of the shop’s directory.

  3. The attacker now submits a GET request to the new file that was created, blm.php, allowing them to execute arbitrary instructions.

After the attackers successfully gained control of a shop...

That attempt results (among others) in error like:

Compilation failed:missing ) at.
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.