Blog Documentation Book a Demo
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

[Solved] Bug... Risk Level High

oriname1oriname1
edited January 2011 in Vanilla 2.0 - 2.8
Why is it possible for signed members and vistors to browse the Vanilla folder directories and sub directories... from their browser...eg
http://localhost/vanilla/applications/
http://localhost/vanilla/dashboard/
http://localhost/vanilla/skeleton/
http://localhost/vanilla/vanilla/

When i typed the above url i can see and edit the files...

Tagged:

Comments

  • idontwanttortfmidontwanttortfm
    This behavior is the result of your web server configuration. For example, if you're using Apache for your webserver, you can prevent this in the server config by creating or modifying a Directory entry and excluding Indexs from the Options line. If .htaccess files are allowed, you can create or edit the .htaccess file in the Vanilla directory with this line:

    Options -Indexes
  • oriname1oriname1
    Added the Options -Indexes to the .htaccess file in the vanilla directory. It worked. Thanks
  • garymardellgarymardell
    Its not a huge problem, as anyone can download a copy of vanilla and see the file structure.
  • ShadowdareShadowdare MVP
    Excellent solution. Thanks!

    Add Pages to Vanilla with the Basic Pages app

Sign In or Register to comment.