when specifying a path instead of a url in a block
it is possible to see the local file on the server
the block as text..
Title : notTrusted
Type : url
Site Location : whatever
Source URL : ./config.php3
Expire Length : 0
Owned by section : **not** the home section
Data : (empty)
Order number : whatever
On assassine.org (apache/php3.0.16) it displays the
content of the config.php3 as text in a block.
It might become an issue if blockAdmin.php3 gives
add/edit/remove permission to some users that are not
supposed to access the filesystem.
Log in to post a comment.