Moodle
  1. Moodle
  2. MDL-19585

All files containing PHP code should have a .php extension not .html

    Details

    • Type: Improvement Improvement
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 1.9.5, 2.6.2
    • Fix Version/s: None
    • Component/s: Other
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE, MOODLE_26_STABLE
    • Rank:
      2416

      Description

      If a file in Moodle has any php code in it at all it should not have a .html extension. This has proved unsettling for security conscious users. For example, go to

      http://moodle.site/backup/backup_form.html

      and you get a screen full of code. This is perceived as a possible security issue even if it actually isn't. It would be better if code could not be readily viewed through the web interface.

        Activity

        Hide
        Andrew Davis added a comment -

        .html files containing php code are still present in Moodle as of 2.7. To find it on an linux machine run the following command in the Moodle directory.

        grep -R "<?php" .|grep "\.htm"
        Show
        Andrew Davis added a comment - .html files containing php code are still present in Moodle as of 2.7. To find it on an linux machine run the following command in the Moodle directory. grep -R "<?php" .|grep "\.htm"

          People

          • Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated: