[wp-testers] It is a bug here??
Alexander Beutl
xel at netgra.de
Tue Apr 15 13:55:47 GMT 2008
>
> If it worries you, you could add some deny rules to your .htaccess
>
this wouldn't be too smart - especially when you add
> wp-includes/js/tinymce/tiny_mce_config.php
>
into the deny's and do not own a static ip ;-) (yes there are possibilies
anyway)
What I would worry about is directory listing ON...
you may be able to turn this off (this depends on wether the hoster allows
this or not) with
*Options -Indexes
*in the .htaccess.
If you have confixx as management panel you sould be able to turn it off
there - no experience with the other management panels but could be possible
with them too...
2008/4/15, Aaron D. Campbell <aaron at xavisys.com>:
>
> You can't view the source of those files, what you see for example when
> you go to http://xavisys.com/wp-includes/js/tinymce/tiny_mce_config.php is
> the Javascript that this file is supposed to be outputting. If you compare
> that to the actual contents of the file, you will see the difference. In
> short, as long as your server is parsing PHP and not sending the entire
> contents of the file to the browser, you should be fine. If it worries you,
> you could add some deny rules to your .htaccess
>
> crime_genius86 wrote:
>
> > http://www.yourdomain.com/wp-includes
> > you can directly open here, and may view all of the source file..
> >
> > http://www.yourdomain.com/wp-includes/js/tinymce/tiny_mce_config.php
> > http://www.yourdomain.com/wp-content/themes/
> > it is normal people can view this? or we must fix it up??
> >
> > [crime_genius86]
> >
>
> _______________________________________________
> wp-testers mailing list
> wp-testers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-testers
>
More information about the wp-testers
mailing list