Server path showing in HTML
The function called on the form send button – postToMailChimp() – has the server path as the second argument – see code below.
Whilst not awful – is this needed? (Full Path Disclosure (FPD))
<input type="button" class="nm_mc_button" value="Send" id="nm_mc_button-1353512887" onclick="postToMailChimp( 'DOMAIN/wp-content/plugins/nmedia-mailchimp-widget/api_mailchimp/postToMailChimp.php', 'SERVER PATH', '1353512887', '')" / >
Also (minor) you have a space between last slash and chevron.
- The topic ‘Server path showing in HTML’ is closed to new replies.