WordPress.org

Ready to get started?Download WordPress

Forums

Quick & Dirty PHPSource Printer - security fix (2 posts)

  1. Kafkaesqui

    Posted 9 years ago #

    Quick & Dirty PHPSource Printer is a script which displays source code of specified PHP files using syntax highlighting. It's designed to present the source of WordPress plugins.

    Release 1.1 resolves a problem with the original path traversal attack filtering in the script, which could be bypassed. A path traversal attack is when someone submits an arbitrary path to a file or other resource lying outside a program's directory, or those directories it's normally restricted to. If you are using Quick & Dirty PHPSource Printer, it's highly recommended that you upgrade to R1.1. To upgrade, you only need delete the current source.php on your site and upload the new one.

    Thanks goes to Seth Alan Woolley for discovering the exploit!

  2. Kafkaesqui

    Posted 9 years ago #

    Yep, one more.

    R1.1.1 is a further attempt to fix the path traversal vulnerability. Thanks to Chew Keong Tan for discovering an error in R1.1's code.

    And a link would have helped above, eh? (Late night coding...)

    http://guff.szub.net/quick-and-dirty-phpsource-printer/

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags