Anonymous | Login | Signup for a new account | 2024-03-29 04:35 CDT |
Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
Dependency Graph | [ View Issue ] [ Relation Graph ] [ Vertical ] | |||
|
||||
|
Viewing Issue Simple Details | |||||
ID | Category | Type | Reproducibility | Date Submitted | Last Update |
0000159 | [In-Portal CMS] Security | bug report | always | 2009-07-31 02:45 | 2009-10-03 07:56 |
Reporter | alex | View Status | public | ||
Assigned To | Dmitry | ||||
Priority | critical | Resolution | fixed | ||
Status | closed | ||||
Summary | 0000159: Prevent of Execution of System Files of files other, then "index.php" and "admin/index.php" | ||||
Description |
Currently there is possible to execute individual In-Portal files. Usually people doesn't do that, but just in case I propose to add mentioned later code to all files with ".php" extension, that doesn't contain class declarations or are unit configs. Code: defined('FULL_PATH') or die('restricted access!'); |
||||
Additional Information |
Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
Web Development by Intechnic In-Portal Open Source CMS |