Hi,
Today I got mail from my hosting provider that the code in /components/com_chronocontact/chronocontact.html.php contains malicious code from which it is possible to hack their server.
The site is using ChronoForms 3.1RC5.2.
Hi thinman,
What they should have said is that the file contains code that their checker has flagged as 'possibly contains malicious code'. That would be correct. In fact the code isn't malicious and you should ask them to white-list it to prevent any future false positive results.
Bob
I got a response from the hosting company and they do not allow accessing the shell from PHP (stating that this code does exactly that).
How is this dealt with in the newer version of ChronoForms (v4)?
Hi thinman,
I don't believe that ChronoForms calls the shell from PHP - at least I don't remember that being reported here. It's much more likely that they are flagging the use of eval or base64_encode.
Please ask them to give you the line references to the offending code then we can be sure.
As far as I know CFv4 uses very similar code to CFv3 - but it's hard to be sure without the code reference.
Bob