View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005565 | OXID eShop (all versions) | 4.04. Security | public | 2013-12-09 09:54 | 2014-02-18 16:43 |
| Reporter | tomas_liubinas | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 4.7.0 / 5.0.0 revision 51243 | ||||
| Target Version | 4.7.10 / 5.0.10 | Fixed in Version | 4.7.10 / 5.0.10 | ||
| Summary | 0005565: Accessing config.inc.php directly results in Fatal error | ||||
| Description | When accessing config.inc.php directly over web (http://eshop/config.inc.php) Fatal error is thrown exposing server path information. Eg: Fatal error: Using $this when not in object context in /mnt/hgfs/htdocs/github/oxideshop/source/config.inc.php on line 12 Error should be handled or access to the file should be restricted (over .htaccess), no server information should be ever visible for live shop. | ||||
| Additional Information | Reproduced in earlier versions like 4.6.x or 4.5.x too. | ||||
| Tags | No tags attached. | ||||
| Theme | Both | ||||
| Browser | All | ||||
| PHP Version | any | ||||
| Database Version | any | ||||
