security - limit direct access to files in the Lucee admin

Description

Limit direct access to templates to web.cfm and server.cfm for request not logged in.

Activity

Show:
Michael Offner
October 26, 2020, 2:57 PM

please test the complete admin, if it still works.

Pothys - MitrahSoft
October 29, 2020, 2:12 PM
Edited

Yes, . I've checked with as per your fix code, it works fine. If we try with non-existing file means, it shows an empty page when not logged in and also checked with admin - security - file access. Yes, it works fine as expected.
But, if we check with access - local ( D:\test ) to access - none and test with
( Example: fileread('./example.txt') - the file under the C: ),
it'll throws an error "can't access".
but, it throws like can't access [ C:\test\example.txt ] file must be [ D:\test ]

Assignee

Pothys - MitrahSoft

Reporter

Michael Offner

Labels

None

Priority

New
Configure