GetSimple Support Forum

GetSimple Support Forum > GetSimple > General Questions and Problems > View source of any file on server (PHP end not already parsed code)
Full Version: View source of any file on server (PHP end not already parsed code)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

eXodus

2010-11-03, 11:44:59
Just take a look at the link below for example:

Code:
http://demo.opensourcecms.com/getsimple/admin/download.php?file=/home/opencms/public_html/demo/getsimple/index.php

I can view the pre-parsed code from any file on the server (that the user (of the server) it's on has access to)

Just droppin' a note Smile

Zegnåt

2010-11-03, 20:26:18
Thanks for telling us about this. We already use a parser to stop you from being able to use “../” but we didn’t think about absolute paths. This will be fixed in the next update.

RobA

2010-11-04, 02:40:55
Only if logged in to the admin panel, though, correct?

-Rob A>

Zegnåt

2010-11-04, 02:48:35
RobA Wrote:Only if logged in to the admin panel, though, correct?
Yes, only if logged in. download.php checks your login before allowing you to download anything.
GetSimple Support Forum > GetSimple > General Questions and Problems > View source of any file on server (PHP end not already parsed code)