Discussion theme's include files can be accessed from the web

VERIFIED DUPLICATE of bug 374046

Status

addons.mozilla.org Graveyard
Public Pages
--
major
VERIFIED DUPLICATE of bug 374046
11 years ago
2 years ago

People

(Reporter: Wladimir Palant (for Adblock Plus info Cc bugzilla@adblockplus.org), Assigned: lorchard)

Tracking

Details

(URL)

If you view source on the URL given above you will see "<div id="AccountProfile">" - that's what this script prints before there is an error because it isn't meant as a standalone. Include files generally shouldn't be accessible. Now unfortunately access to this directory cannot be entirely forbidden because of the CSS file being there as well but you can at least forbid access to PHP files:

<Files *.php>
  Order Allow,Deny
  Deny from All
</Files>

Updated

10 years ago
Assignee: nobody → laura
Target Milestone: --- → 3.4.5

Comment 1

10 years ago
Pushing out all these discussions bugs to 3.4.6
Target Milestone: 3.4.5 → 3.4.6
(Assignee)

Updated

10 years ago
Assignee: laura → lorchard
(Assignee)

Updated

10 years ago
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 374046
Verified dup
Status: RESOLVED → VERIFIED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.