Quick & Dirty PHPSource Printer – security fix | WordPress.org

Kafkaesqui
(@kafkaesqui)

18 years, 9 months ago

Quick & Dirty PHPSource Printer is a script which displays source code of specified PHP files using syntax highlighting. It’s designed to present the source of WordPress plugins.

Release 1.1 resolves a problem with the original path traversal attack filtering in the script, which could be bypassed. A path traversal attack is when someone submits an arbitrary path to a file or other resource lying outside a program’s directory, or those directories it’s normally restricted to. If you are using Quick & Dirty PHPSource Printer, it’s highly recommended that you upgrade to R1.1. To upgrade, you only need delete the current source.php on your site and upload the new one.

Thanks goes to Seth Alan Woolley for discovering the exploit!

Viewing 1 replies (of 1 total)

Thread Starter Kafkaesqui
(@kafkaesqui)

18 years, 9 months ago

Yep, one more.

R1.1.1 is a further attempt to fix the path traversal vulnerability. Thanks to Chew Keong Tan for discovering an error in R1.1’s code.

And a link would have helped above, eh? (Late night coding…)

http://guff.szub.net/quick-and-dirty-phpsource-printer/

Viewing 1 replies (of 1 total)

The topic ‘Quick & Dirty PHPSource Printer – security fix’ is closed to new replies.

Tags

print

In: Plugins
1 reply
1 participant
Last reply from: Kafkaesqui
Last activity: 18 years, 9 months ago
Status: not a support question

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics