[Pmwiki-users] Safer .php-files
Christian Ridderström
chr
Thu Feb 26 04:42:16 CST 2004
Hi
I'd like some opinions on putting this first in all .php-files:
if(!isset($Version)) {
header('Content-Type: text/plain');
print implode('',file($_SERVER['SCRIPT_FILENAME']));
exit;
}
The idea is that the variable '$Version' which is set by pmwiki.php must
exist, otherwise the current .php file is simply shown as text.
Is there a risk that $_SERVER['SCRIPT_FILENAME'] won't be portable?
As for the variable, it's actually defined in scripts/version.php and I
would prefer using variable defined directly in pmwiki.php, and that
it has a more verbose name. E.g. something like:
$PmWiki = true;
$PmWikiDefined = true;
$PmWikiRunning = true;
$PmWikiVersion = $Version;
Patrick, what do you think of adding one of the variables above to
pmwiki.php?
/Christian
PS. For those who like security through obscurity, use this code:
if(!isset($Version)) { exit; }
--
Christian Ridderstr?m http://www.md.kth.se/~chr
More information about the pmwiki-users
mailing list