On Feb 11, 2008, at 5:30 PM, till wrote:
Please read my comment on the corrosponding ticket: http://trac.roundcube.net/ticket/1483912#comment:16
From the comment :
We have to add a note that people don't leave this file on the
server, maybe we should add something where people cannot login
when check.php is in the "root"?
A "nag" if statement is a good solution IMHO. Several web
applications I have installed either check for the existence of
troubleshooting / install scripts at the login stage to remind admins
of a possible attack vector. You might not want to prevent login, in
case the admin is in the process of testing. IMHO a big red message
is enough.
Looking through the script :
It doesn't use the DB backend chosen from the config file, it has
MDB2 hardcoded during the TZ check.
As a result I get -
Fatal error: Call to undefined function: raise_error() in /Users/ chasd/Sites/roundcube/program/include/rcube_mdb2.inc on line 104
Charles Dostale System Admin - Silver Oaks Communications http://www.silveroaks.com/ 824 17th Street, Moline IL 61265
List info: http://lists.roundcube.net/dev/