[VIM] bad report for EstateAgent?

Steven M. Christey coley at mitre.org
Wed Aug 23 19:53:26 EDT 2006

BUGTRAQ:20060820 Mambo Component - EstateAgent Remote File Inclusion

Outlaw from Aria Security includes the following source code extract:

># Don't allow direct linking
>defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not
>allowed.' );
>require_once( $mainframe->getPath( 'front_html' ) );

Um - isn't this the recommended fix that Mambo told all component
developers to use?  I don't have that URL on me at the moment.

Anyway, I can't get any source code to check - I couldn't find it on
the site after a cursory look - but I'm not sure this report is
correct, based on the above.

- Steve

More information about the VIM mailing list