fusio icon indicating copy to clipboard operation
fusio copied to clipboard
verified publisher icon apioo

Suspicious Files reported by CXS Cpanel

Open ParsaSwift opened this issue 7 years ago • 5 comments

(1) userx22, Scanning /home/userx22/public_html:

'/home/userx22/public_html/api/vendor/symfony/console/Resources/bin/hiddeninput.exe' MS Windows Binary/Executable [application/x-winexec]

'/home/userx22/public_html/api/vendor/symfony/debug/Resources/ext/symfony_debug.c' Suspicious file type [application/x-c]

ParsaSwift avatar Apr 21 '18 19:04 ParsaSwift

Hi, so the hiddeninput.exe file is needed in the symfony console package to provide a way on windows to enter a password without showing it on the screen. It is also used by composer, the repository is at https://github.com/Seldaek/hidden-input so I think it is no problem. It is probably marked as suspicious simply because it is an .exe file.

The symfony_debug.c is the source code of the symfony debug PHP extension. The the code simply lies in the repository so it comes through composer. In the latest version the C code was also removed so if we update the dependency the file gets removed.

chriskapp avatar Apr 22 '18 08:04 chriskapp

thank you

ParsaSwift avatar Apr 22 '18 13:04 ParsaSwift

also when I refresh the pages like /developer/documentation/* it gives me 404 error from LiteSpeed i think it is a cause of htaccess or something

ParsaSwift avatar Apr 22 '18 14:04 ParsaSwift

Yes, so the /developer/documentation/ app contains a base tag <base href="/developer/"> which you may need to adjust to your base path and it contains also a .htaccess file with RewriteBase /developer. By defualt Fusio assumes that it gets installed on a custom sub-domain i.e. api.acme.com. The developer app needs this base tag so that we can use clean urls like i.e. /developer/documentation/ instead of /developer/index.html#!/documentation/. This is needed especially for the Oauth2 authorize endpoint since some OAuth2 clients cant redirect to hash-tag based urls.

chriskapp avatar Apr 23 '18 06:04 chriskapp

Here's a simple .htaccess file code you can use for RewriteBase.

Options -MultiViews -Indexes 
RewriteEngine On

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]

# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]

Geekgurus avatar Apr 27 '23 03:04 Geekgurus