Luracast / Restler

Simple and effective multi-format Web API Server to host your PHP API as Pragmatic REST and/or RESTful API
http://luracast.com/products/restler/
GNU Lesser General Public License v2.1
1.36k stars 315 forks

Secure getsource.php: do not allow listing content of files outside public/examples #588

Closed tmotyl closed 6 years ago

tmotyl commented 7 years ago

The getsource.php is not secure enough and allows listing the content of arbitrary files if Restler is placed in the webroot.

See https://github.com/AOEpeople/TYPO3_Restler/issues/25

Arul- commented 6 years ago

Fixed in RC6 with 06f0cadc14a5e47d52c431abb6f60197e7c0b2e2, and in RC5 with cd0c21b4f7c0a99261ad618e90a5263483e78007.
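
The containment check the issue title asks for, as an added example; it is not Restler's getsource.php and not the code from the commits named above. The function name, the extension allow-list and the temp-directory layout are assumptions constructed for illustration.

```php
<?php
// Hypothetical helper: resolve a user-supplied file name and return it only
// if the canonical path stays inside the allowed examples directory.
function resolveExampleSource(string $allowedDir, string $requested): ?string
{
    $base = realpath($allowedDir);
    if ($base === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false if missing.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // The trailing separator stops "examples_private" from matching "examples".
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Only serve file types a source viewer is meant to show (assumed list).
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return in_array($ext, ['php', 'html', 'js', 'css'], true) ? $path : null;
}

// Constructed layout in a temp directory so the check runs offline.
$root = sys_get_temp_dir() . '/getsource_demo_' . bin2hex(random_bytes(4));
mkdir("$root/public/examples/hello", 0700, true);
mkdir("$root/public/examples_private", 0700, true);
file_put_contents("$root/public/examples/hello/Say.php", "<?php // demo\n");
file_put_contents("$root/public/examples_private/Key.php", "<?php // secret\n");
file_put_contents("$root/config.php", "<?php // secret\n");

$requests = [
    'hello/Say.php',               // inside public/examples: served
    '../../config.php',            // resolves above the base: rejected
    '../examples_private/Key.php', // sibling sharing the prefix: rejected
    "$root/config.php",            // absolute path: not found under base, rejected
];
foreach ($requests as $r) {
    $ok = resolveExampleSource("$root/public/examples", $r);
    printf("%-60s %s\n", $r, $ok === null ? 'rejected' : 'served');
}
```

Comparing canonical paths after `realpath()` is what makes the check hold for symlinks and encoded `..` sequences; filtering the raw request string for `../` alone does not.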