Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-19585

All files containing PHP code should have a .php extension not .html

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.9.5, 2.6.2
    • Fix Version/s: None
    • Component/s: Other
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE, MOODLE_26_STABLE

      Description

      If a file in Moodle has any php code in it at all it should not have a .html extension. This has proved unsettling for security conscious users. For example, go to

      http://moodle.site/backup/backup_form.html

      and you get a screen full of code. This is perceived as a possible security issue even if it actually isn't. It would be better if code could not be readily viewed through the web interface.

        Gliffy Diagrams

          Activity

          Hide
          andyjdavis Andrew Davis added a comment -

          .html files containing php code are still present in Moodle as of 2.7. To find it on an linux machine run the following command in the Moodle directory.

          grep -R "<?php" .|grep "\.htm"

          Show
          andyjdavis Andrew Davis added a comment - .html files containing php code are still present in Moodle as of 2.7. To find it on an linux machine run the following command in the Moodle directory. grep -R "<?php" .|grep "\.htm"

            People

            • Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: