-
Type:
Task
-
Status: Unverified Fix (View Workflow)
-
Priority:
Blocker
-
Resolution: Fixed
-
Affects Version/s: 3.0.8
-
Fix Version/s: 3.0.9-RC1
-
Component/s: None
-
Labels:None
This issue was first reported by lacton via the security tracker.
In certain conditions, phpBB is exposing the full path of cron.php. ie apache access log shows requests:
"GET /var/www/jadephpbb/httpdocs/cron.php?cron_type=tidy_search HTTP/1.1" 404 304 "https://forums.jadeworld.com/viewtopic.php?f=9&t=1206&start=0"
Support topic: http://www.phpbb.com/community/viewtopic.php?f=46&t=2121664
- is related to
-
PHPBB3-8334 common.php code for IN_CRON
- Closed