include files
Thomas -Balu- Walter
list+roundcube-dev at b-a-l-u.de
Wed Nov 23 19:16:57 CET 2005
Hello all,

I have two short suggestions regarding include-files:

IMHO the include files (in program/include/ e.g.) should have an
".inc.php" ending to avoid calling them directly in the browser. Since
those are not config files it might not be a big security problem, but
it might still be possible to identify the roundcube version or other
"sensitive" data by having a look at them.

Another idea for those files is to disable access completely:

The files that are allowed to be called in the browser should have a
simple define at the beginning:

<?php define('ROUNDCUBE', true); ?>

The include files, etc. can now check for this define and handle it
somehow - e.g.:

<?php if (!defined('ROUNDCUBE')) exit('You are not allowed to call this file directly.'); ?>

Another solution could be a redirect to the index page using header()?

Balu

PS: I know, coding-style is a very picky topic and of course personal
preference, but is there any chance to make you switch to the PEAR
coding standards regarding indents, brackets, ...? :-)
-> http://pear.php.net/manual/en/standards.php
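
An audit for the define/defined() guard suggested in the message above, as an added example that is not part of the original post or of RoundCube's code: it reports include files whose first statement is not the guard, including a guard that tests a different constant than the entry point defines. The function names and sample file names are assumptions made for illustration; only the `ROUNDCUBE` constant and the `program/include/` directory come from the post.

```python
import re

# Constant name comes from the define() in the post; the file names below are constructed.
CONSTANT = "ROUNDCUBE"
_COMMENT = re.compile(r"\s*(?:/\*.*?\*/|//[^\n]*|#[^\n]*)", re.S)

def _guard_re(constant):
    d = r"defined\s*\(\s*['\"]" + re.escape(constant) + r"['\"]\s*\)"
    return re.compile(
        r"if\s*\(\s*!\s*" + d + r"\s*\)\s*\{?\s*(?:exit|die)\b"   # if (!defined('X')) exit
        r"|" + d + r"\s*(?:\|\||or)\s*(?:exit|die)\b")            # defined('X') or die

def first_statement(source):
    """Return the code after the opening <?php tag, skipping leading comments."""
    m = re.match(r"\s*<\?php\b", source)
    if not m:
        return None  # inline HTML or a short tag runs before any check
    rest = source[m.end():]
    while (c := _COMMENT.match(rest)):
        rest = rest[c.end():]
    return rest.lstrip()

def is_guarded(source, constant=CONSTANT):
    """True only if the guard is the first statement, so nothing executes before it."""
    code = first_statement(source)
    return code is not None and _guard_re(constant).match(code) is not None

def audit(files, constant=CONSTANT):
    """files maps path -> PHP source; return sorted paths whose guard is missing."""
    return sorted(p for p, src in files.items() if not is_guarded(src, constant))

# Constructed sample include files (not RoundCube's real sources).
SAMPLE = {
    "program/include/guarded.php":
        "<?php\n/* helpers */\nif (!defined('ROUNDCUBE')) exit('denied');\n",
    "program/include/or_die.php": "<?php defined('ROUNDCUBE') or die('denied');",
    "program/include/mismatch.php": "<?php if (!defined('APPLICATION')) exit('denied'); ?>",
    "program/include/late.php": "<?php\n$x = 1;\nif (!defined('ROUNDCUBE')) exit;\n",
}

if __name__ == "__main__":
    for path in audit(SAMPLE):
        print("missing guard:", path)
```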