View source of any file on server (PHP end not already parsed code) - Printable Version +- GetSimple Support Forum (http://get-simple.info/forums) +-- Forum: GetSimple (http://get-simple.info/forums/forumdisplay.php?fid=3) +--- Forum: General Questions and Problems (http://get-simple.info/forums/forumdisplay.php?fid=16) +--- Thread: View source of any file on server (PHP end not already parsed code) (/showthread.php?tid=1095) |
View source of any file on server (PHP end not already parsed code) - eXodus - 2010-11-03 Just take a look at the link below for example: Code: http://demo.opensourcecms.com/getsimple/admin/download.php?file=/home/opencms/public_html/demo/getsimple/index.php I can view the pre-parsed code from any file on the server (that the user (of the server) it's on has access to) Just droppin' a note View source of any file on server (PHP end not already parsed code) - Zegnåt - 2010-11-03 Thanks for telling us about this. We already use a parser to stop you from being able to use “../†but we didn’t think about absolute paths. This will be fixed in the next update. View source of any file on server (PHP end not already parsed code) - RobA - 2010-11-04 Only if logged in to the admin panel, though, correct? -Rob A> View source of any file on server (PHP end not already parsed code) - Zegnåt - 2010-11-04 RobA Wrote:Only if logged in to the admin panel, though, correct?Yes, only if logged in. download.php checks your login before allowing you to download anything. |