2015-07-01 12:59
浏览 22


I am using opencart I was just checking some random tricks and i write the url index.php?route=common/home to index.php?route=common/home%00. And it showed me an error Warning: is_dir() expects parameter 1 to be a valid path, string given in \system\engine\action.php on line 18 Didn't understand why this happened. Any one can please help me to know why this error occured and how can i solve it??

图片转代码服务由CSDN问答提供 功能建议

我正在使用 opencart 。 我只是检查一些随机技巧,我将url index.php?route = common / home 写入 index.php?route = common / home%00 。 并且它向我显示错误警告:is_dir()期望参数1是有效路径,第18行的\ system \ engine \ action.php中给出的字符串不明白为什么会发生这种情况。 任何人都可以请帮助我知道为什么会出现这个错误,我该如何解决呢?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • douan9541 2015-07-01 23:39

    After some research I found that it's actually a bug in PHP (reported here @ 2/4/2015 and already fixed)

    What's your problem about?
    Null byte (%00) causes truncation in PHP strings (which is normal I think because PHP strings are implemented through c strings)

    So what's happening in OC?

    • Open the file <OC_ROOT>\system\engine\action.php (the one you got the error in), class Action resides there and it's responsible for parsing the route parameter, determining the appropriate controller to be loaded + which function in that controller to call and keeping the method arguments so as to be passed later during execution
    • In that line
      $file = DIR_APPLICATION . 'controller/' . str_replace(array('../', '..\', '..'), '', $path) . '.php';
      You will notice that the controller file is loaded through appending a .php to the $path variable constructed by parsing the route parameter, since you have added an extra null byte to the route, $file looks like this: bla bla bla/common/home\0.php, the \0 results in stripping the .phpwhich leads to a non existing file path, that's why OC loads the error page

    How to solve it
    Simply turn off warnings from your project, If you mean by "how can i solve it?" making it work, then just strip null bytes from route parameter before parsing it (in the same file), but I don't advise you to do that because it's a handled hack and you will be de-handling it :D

    点赞 打赏 评论
  • dq62957 2015-07-06 06:38

    This is only warning for this opencart version. For quick solution, You will add "error_reporting(0);" in the __construct function.

    Thank You.

    点赞 打赏 评论

相关推荐 更多相似问题