Quick & Dirty PHPSource Printer is a script which displays source code of specified PHP files using syntax highlighting. It’s designed to present the source of WordPress plugins.
Release 1.1 resolves a problem with the original path traversal attack filtering in the script, which could be bypassed. A path traversal attack is when someone submits an arbitrary path to a file or other resource lying outside a program’s directory, or those directories it’s normally restricted to. If you are using Quick & Dirty PHPSource Printer, it’s highly recommended that you upgrade to R1.1. To upgrade, you only need to delete the current source.php on your site and upload the new one.
Thanks go to Seth Alan Woolley for discovering the exploit!
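One robust way to filter path traversal in a file viewer is to canonicalize the requested path and confirm it still lies inside the allowed directory, rather than stripping patterns from the input string. The PHP below is an added example, not the code of source.php or of its R1.1 fix; the function name `resolve_source_path` and the demo directory layout are assumptions.

```php
<?php
// Added example: not taken from source.php. All names and paths are hypothetical.

/**
 * Resolve a user-supplied relative path to a PHP file inside $baseDir.
 * Returns the canonical path, or null when the request must be refused.
 */
function resolve_source_path(string $baseDir, string $requested): ?string
{
    // Refuse empty input and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false if the
    // target does not exist, so missing files are refused as well.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Containment check on the canonical path. The trailing separator stops
    // a sibling such as "/plugins-old" from matching the base "/plugins".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Only display files of the type the viewer is meant to show.
    if (strtolower(pathinfo($full, PATHINFO_EXTENSION)) !== 'php') {
        return null;
    }
    return $full;
}

// Constructed demo tree in the system temp directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'srcdemo_' . uniqid();
mkdir($root . '/plugins/demo', 0700, true);
file_put_contents($root . '/plugins/demo/demo.php', "<?php echo 'hi';\n");
file_put_contents($root . '/secret.php', "<?php // outside the base\n");

$base = $root . '/plugins';
$requests = ['demo/demo.php', '../secret.php', 'demo/../../secret.php', 'demo/missing.php'];
foreach ($requests as $req) {
    $path = resolve_source_path($base, $req);
    echo str_pad($req, 24), $path === null ? 'refused' : 'allowed', "\n";
}
```

Because the decision is made on the path the filesystem actually resolves, it does not depend on how the traversal sequence was spelled in the request.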