I noticed two interesting things.
1. $phpbb_root_path is used two different ways. One way is for machine local access where an absolute directory path on the server will work. The second is a relative path in a URL. 15+ years of writing code says this is a great recipe for disaster.
2. Many files still don't contain the simple
if ( !defined('IN_PHPBB') ){ die('Hacking attempt');}
block.
Before I go off and stick that code in all of the files, particularly in include, is there something I might break?
Are any of the other files vulnerable?
Did I just tell everyone how to do the next hack?
- John
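An added example, not part of John's post and not phpBB's own code: a read-only Python audit that sorts PHP sources by whether the IN_PHPBB check is the first statement, so the files missing it can be listed before anything is edited. It assumes directly requested scripts define IN_PHPBB themselves before including other files, so they are reported as entry points and not as candidates for the guard; the function names and sample files are constructed for illustration.

```python
import re
from pathlib import Path

# Strip /* */, // and # comments so a commented-out guard does not count.
# (Naive: does not understand string literals; good enough for file headers.)
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
OPEN_TAG = re.compile(r"^\s*<\?(php)?", re.I)
# Assumption: entry scripts define the constant themselves.
DEFINE = re.compile(r"\bdefine\s*\(\s*['\"]IN_PHPBB['\"]", re.I)
GUARD = re.compile(
    r"if\s*\(\s*!\s*defined\s*\(\s*['\"]IN_PHPBB['\"]\s*\)\s*\)\s*\{?\s*(die|exit)\b",
    re.I)

def classify(src):
    """Return 'entry', 'guarded', 'late-guard' or 'unguarded' for one PHP source."""
    body = OPEN_TAG.sub("", COMMENTS.sub("", src), count=1).lstrip()
    if DEFINE.search(body):
        return "entry"        # a guard placed above the define would kill the page
    if GUARD.match(body):
        return "guarded"      # guard is the first statement
    if GUARD.search(body):
        return "late-guard"   # guard exists, but code runs before it
    return "unguarded"

def needs_guard(files):
    """files: {path: source}. Return {path: status} for files lacking a leading guard."""
    result = {}
    for path, src in sorted(files.items()):
        status = classify(src)
        if status in ("unguarded", "late-guard"):
            result[path] = status
    return result

def audit_tree(root):
    """Read-only scan of every *.php file under root."""
    root = Path(root)
    return needs_guard({str(p.relative_to(root)): p.read_text(errors="replace")
                        for p in root.rglob("*.php")})

# Constructed sample sources, not taken from a real phpBB release.
SAMPLE = {
    "index.php": "<?php\ndefine('IN_PHPBB', true);\n$phpbb_root_path = './';\n",
    "includes/guarded.php": "<?php\n/* header */\nif ( !defined('IN_PHPBB') ){ die('Hacking attempt');}\n$x = 1;\n",
    "includes/unguarded.php": "<?php\ninclude($phpbb_root_path . 'includes/other.php');\n",
    "includes/commented.php": "<?php\n// if ( !defined('IN_PHPBB') ){ die('Hacking attempt');}\n$y = 2;\n",
    "includes/late.php": "<?php\ninclude($phpbb_root_path . 'x.php');\nif ( !defined('IN_PHPBB') ) { die('Hacking attempt'); }\n",
}

if __name__ == "__main__":
    for path, status in needs_guard(SAMPLE).items():
        print(f"{status:11} {path}")
```

Calling `audit_tree()` on a copy of the board's directory gives the same report for real files without modifying them.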