View source of any file on server (PHP end not already parsed code)

View source of any file on server (PHP end not already parsed code) - Printable Version

+- GetSimple Support Forum (http://get-simple.info/forums)
+-- Forum: GetSimple (http://get-simple.info/forums/forumdisplay.php?fid=3)
+--- Forum: General Questions and Problems (http://get-simple.info/forums/forumdisplay.php?fid=16)
+--- Thread: View source of any file on server (PHP end not already parsed code) (/showthread.php?tid=1095)

View source of any file on server (PHP end not already parsed code) - eXodus - 2010-11-03

Just take a look at the link below for example:

Code:
http://demo.opensourcecms.com/getsimple/admin/download.php?file=/home/opencms/public_html/demo/getsimple/index.php

I can view the pre-parsed code from any file on the server (that the user (of the server) it's on has access to)

Just droppin' a note Smile

View source of any file on server (PHP end not already parsed code) - ZegnÃƒÂ¥t - 2010-11-03

Thanks for telling us about this. We already use a parser to stop you from being able to use Ã¢Â€Âœ../Ã¢Â€Â but we didnÃ¢Â€Â™t think about absolute paths. This will be fixed in the next update.

View source of any file on server (PHP end not already parsed code) - RobA - 2010-11-04

Only if logged in to the admin panel, though, correct?

-Rob A>

View source of any file on server (PHP end not already parsed code) - ZegnÃƒÂ¥t - 2010-11-04

RobA Wrote:Only if logged in to the admin panel, though, correct?

Yes, only if logged in. download.php checks your login before allowing you to download anything.