View Issue Details

IDProjectCategoryView StatusLast Update
0005565OXID eShop (all versions)4.04. Securitypublic2014-02-18 16:43
Reportertomas_liubinas 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version4.7.0 / 5.0.0 revision 51243 
Target Version4.7.10 / 5.0.10Fixed in Version4.7.10 / 5.0.10 
Summary0005565: Accessing config.inc.php directly results in Fatal error
DescriptionWhen accessing config.inc.php directly over web (http://eshop/config.inc.php) Fatal error is thrown exposing server path information.

Eg:
Fatal error: Using $this when not in object context in /mnt/hgfs/htdocs/github/oxideshop/source/config.inc.php on line 12

Error should be handled or access to the file should be restricted (over .htaccess), no server information should be ever visible for live shop.
Additional InformationReproduced in earlier versions like 4.6.x or 4.5.x too.
TagsNo tags attached.
ThemeBoth
BrowserAll
PHP Versionany
Database Versionany

Activities

There are no notes attached to this issue.