durangod Posted September 27, 2014 Share Posted September 27, 2014 There are ways to stop this but remember that some of us dont want to worry about the symlink security whole. And i just was testing some stuff out on the dev install. Test this for yourself and if you see a dir listing please add this php file or make one ourself and add it to every addon folder you have. https://yoursite.com/whmcs/modules/addons/name of the addon/ if you go to that link and you see a directory listing you need to add this php file to every addon dir, it is not encrypted or anything. just create a file called index.php and inside of it put this. <?php //nothing - this is only to keep people from accessing and viewing the dir listing via the folder url. if (!defined("WHMCS")) die("This file cannot be accessed directly"); ?> and save it to every individual addon folder. taking care of the symlinks issue for us opened this up and i honstly thought this was already taken care of. WHMCS is there any way you can make sure that all devs add this file to any new updates they send to their clients or devs please do this anyway. Thanks all.. 0 Quote Link to comment Share on other sites More sharing options...
durangod Posted September 27, 2014 Author Share Posted September 27, 2014 This also goes for the WHMCS licensing addon as well which did not have one. WHMCS please include one with future sales. Not everyone has symlinks enabled as well as other config values. Thanks 0 Quote Link to comment Share on other sites More sharing options...
Infopro Posted September 27, 2014 Share Posted September 27, 2014 This thread has been retitled to be more relevant. 0 Quote Link to comment Share on other sites More sharing options...
durangod Posted September 27, 2014 Author Share Posted September 27, 2014 ok sorry about that 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.