hack attempts generating errors

[proseLA]

usu/includes/classes/usu.php

Line 1578 in a2956e6

if ($parsed_uri['path'] != $this->redirect_uri['path'] && rawurldecode($parsed_uri['path']) != $this->redirect_uri['path']) {

hi cindy,
i am getting errors on this line:

PHP Notice: Undefined index: path

i have tracked it done in my logs to:

[14/Dec/2020:08:45:22 -0800] "GET //xmlrpc.php?rsd

its easy to test, as with logging set to ignoreDups or all you can enter:

yoursite.com//xmlrpc.php?rsd

and you should see the notices. i have been able to address this notice by changing the above line of code to:

if (!isset($parsed_uri['path']) || ($parsed_uri['path'] != $this->redirect_uri['path'] && rawurldecode($parsed_uri['path']) != $this->redirect_uri['path'])) {

best.
p.

[lat9]

What version of Zen Cart? When I use that URL on a zc155f installation, I'm seeing the following in the network activity tab:

... and no associated PHP notices.

[proseLA]

interesting, i'm running v157b. i see the same thing in the network tab. the redirect operates fine. when i do a print_r($parsed_uri); prior to that line, i only see the array elements of host and query.

are you sure you are using the double slash? ie, mysite.com//xmlrpc.php?rsd. the // is what causes the notice.

[lat9]

Agreed, on 155f with the // no notices from usu.php. I'm guessing that something, well a lot of somethings, changed in the years from 155f to 157b.

[lat9]

Since I can't re-create (I've not, yet, installed on zc157b), I'll take your word for the suggested change.