Critical file (config file) is vulnerable to direct access
to view 'critical' information about the blog and the user when .htaccess is not processed.
There really only seem to be two ways to fix this.
1) Store an encryption key in a .php file, similar to password.php. This key is then used to encrypt/decrypt the plain text configuration file.
2) Store the entire configuration as a valid .php file.
Option 2 should be simpler. We can just wrap the text into a variable.
This is related to CVE-2005-1136.
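Option 2 as an added example, not the project's own code: the configuration text is wrapped in a PHP file that returns it as a string, so a direct request runs the file and outputs nothing. The helper names `save_config()` and `load_config()`, the file name and the sample values are assumptions, as is a server that executes `.php` files.

```php
<?php
// Added example: save_config() and load_config() are hypothetical helpers.

// Store the plain-text configuration as a PHP file that returns it as a string.
function save_config(string $path, string $text): void
{
    // var_export() emits a correctly escaped PHP string literal, so config
    // text containing quotes, backslashes or a PHP closing tag stays inside it.
    $php = "<?php\n// Requested directly, this file produces no output.\n"
         . 'return ' . var_export($text, true) . ";\n";

    // Write a temp file and rename it, so a reader never sees a partial file.
    // The temp name also ends in .php so it is never served as plain text.
    $tmp = $path . '.' . bin2hex(random_bytes(6)) . '.php';
    if (file_put_contents($tmp, $php, LOCK_EX) === false) {
        throw new RuntimeException("cannot write $tmp");
    }
    if (!rename($tmp, $path)) {
        unlink($tmp);
        throw new RuntimeException("cannot replace $path");
    }
    if (function_exists('opcache_invalidate')) {
        opcache_invalidate($path, true); // drop any cached copy of the old file
    }
}

// Read the configuration text back; include evaluates the file's return value.
function load_config(string $path): string
{
    $text = include $path;
    if (!is_string($text)) {
        throw new RuntimeException("config file $path is missing or malformed");
    }
    return $text;
}

// Constructed sample configuration with characters that need escaping.
$sample = "blog_title=My 'Blog'\nadmin_email=admin@example.org\nnote=a\\b ?>\n";
$file = sys_get_temp_dir() . '/config_example.php';
save_config($file, $sample);
var_dump(load_config($file) === $sample);
unlink($file);
```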