• Resolved yerooon

    (@yerooon)


    Sorry to bother you again, but I (well actually a friend of mine) found something that might be a security problem.

    On the form page there is a hidden field with the root path. You can see that by looking at the HTML of the page.

    Example:

    <input type="hidden" value="/nfs/home/xxxxxxxxx/domains/domainxxxxxxx.com/public_html/wp-blog-header.php" name="rootpath"><br><br> </section>

    This is a potential security threat as hackers can see the internal path on your server.

    I can imagine you need the path to upload images, but there might be another way than to use this as a hidden field (which is visible to everyone in the HTML).

    https://wordpress.org/plugins/tt-guest-post-submit/

Viewing 1 replies (of 1 total)
  • Plugin Author Rashed Latif

    (@rashedlatif)

    Thanks again Yeroon. I haven’t noticed that. I have fixed that in the updated version. I really appreciate it.
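A check for the kind of leak reported in this thread, as an added example that is not part of the original posts or the plugin's code: it scans rendered form HTML for hidden inputs whose value looks like a server filesystem path. The function names, the list of directory prefixes and the sample form (built around the field quoted above) are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic (assumption): a value that starts at a typical server directory
# or at a Windows drive letter is treated as a filesystem path.
FS_PATH = re.compile(
    r"^(?:/(?:home|nfs|var|srv|usr|opt|mnt|data|www)/\S+|[A-Za-z]:[\\/]\S+)$"
)


class HiddenPathFinder(HTMLParser):
    """Collects hidden <input> fields whose value looks like a server path."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        value = a.get("value", "").strip()
        if a.get("type", "").lower() == "hidden" and FS_PATH.match(value):
            line, _ = self.getpos()
            self.findings.append((line, a.get("name", ""), value))


def find_leaked_paths(html):
    """Return (line, field name, value) for every hidden field leaking a path."""
    finder = HiddenPathFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: the field quoted in the post plus two harmless hidden fields.
SAMPLE = """<form method="post">
<input type="hidden" name="_wpnonce" value="a1b2c3d4e5">
<input type="hidden" name="redirect" value="/thank-you/">
<input
type="hidden" value="/nfs/home/xxxxxxxxx/domains/domainxxxxxxx.com/public_html/wp-blog-header.php" name="rootpath">
</form>"""

if __name__ == "__main__":
    for line, name, value in find_leaked_paths(SAMPLE):
        print(f"line {line}: hidden field {name!r} exposes {value}")
```

Run against the saved HTML of any page that renders a form; a finding means the value should be resolved on the server instead of being sent to the browser.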

  • The topic ‘Root path visible’ is closed to new replies.