False-positives in “Malicious Code” checking block of tables.php
-
Version 1.8.7
In
/modules/tables/views/tables.php
between lines117-140
in yourrenderTable
method, you have a custom “check for corrupted table” block which is too aggressive.It looks for a case-insensitive word
'script'
and then any of those other strings, like'pastebin'
,'createElement'
, etc. and even includes'window'
.We got a call from a client who said their tables were corrupted. I looked and they have a string similar to the following in it:
“Description: Remember smelling a freshly baked apple pie on a nearby window-sill?”
This was triggering the malicious code warning because of “description” and “nearby window-sill”. For the time being, I changed it to “Details” instead of “Description” directly in the database, so they’re working. But thought you should know so you can revise that corruption checking code.
- The topic ‘False-positives in “Malicious Code” checking block of tables.php’ is closed to new replies.