[PHP] view source with opera
Hi list I am using php on the company´s website that i work and now someone told me that you can view the php source with the opera browser he says he done it by himself . Anybody can tell me if it´s true or not ? or in wich conditions this can happen! how to fix this? Thank´s Ângelo Marcos Rigo Webmaster Colégio Anchieta http://www.colegioanchieta.g12.br -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] view source with opera
Nope, he's lying. PHP is server side, a browser is well, browser side. So, no. The only possible way is if you had your PHP actually printing (by say an accidentally closed ?php) which would cause it to be show, but since thats a programming mistake, thats not really a fault of the language. Adam [EMAIL PROTECTED] On Thu, 2002-06-13 at 09:12, Angelo Marcos Rigo wrote: Hi list I am using php on the company´s website that i work and now someone told me that you can view the php source with the opera browser he says he done it by himself . Anybody can tell me if it´s true or not ? or in wich conditions this can happen! how to fix this? Thank´s Ângelo Marcos Rigo Webmaster Colégio Anchieta http://www.colegioanchieta.g12.br -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] view source with opera
I'm quite sure that this won't work... The server isn't delivering the php source, so the client will not get the source code but only the resulting code the script generated. So IMHO this is a hoax. Hi list I am using php on the company´s website that i work and now someone told me that you can view the php source with the opera browser he says he done it by himself . Anybody can tell me if it´s true or not ? or in wich conditions this can happen! how to fix this? Let him show you... Cheers, Kiko -- It's not a bug, it's a feature. christoph starkmann mailto:[EMAIL PROTECTED] http://www.gruppe-69.com/ ICQ: 100601600 -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] view source with opera
Oh, one other possibility besides my previous statement, if PHP is not properly configured on the server hosting the .php pages, it probably would just pass the PHP right to the browser since it doesn't know it's supposed to execute the PHP block of code. Ofcourse, PHP wouldn't work anywhere if this is the case, which is usally caught pretty quick. Adam Voigt [EMAIL PROTECTED] On Thu, 2002-06-13 at 09:12, Angelo Marcos Rigo wrote: Hi list I am using php on the company´s website that i work and now someone told me that you can view the php source with the opera browser he says he done it by himself . Anybody can tell me if it´s true or not ? or in wich conditions this can happen! how to fix this? Thank´s Ângelo Marcos Rigo Webmaster Colégio Anchieta http://www.colegioanchieta.g12.br -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] view source with opera
On Thursday, June 13, 2002, 2:20:29 PM, you wrote: I'm quite sure that this won't work... The server isn't delivering the php source, so the client will not get the source code but only the resulting code the script generated. So IMHO this is a hoax. Unless your server has phps (source view) enabled. If it has then you can see the source of any file by using the extension .phps. -- Stuart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] view source with opera
I'm quite sure that this won't work... The server isn't delivering the php source, so the client will not get the source code but only the resulting code the script generated. So IMHO this is a hoax. Unless your server has phps (source view) enabled. If it has then you can see the source of any file by using the extension .phps. Awright! But then it would be possible with any browser... Kiko -- It's not a bug, it's a feature. christoph starkmann mailto:[EMAIL PROTECTED] http://www.gruppe-69.com/ ICQ: 100601600 -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] view source with opera
On Thursday, June 13, 2002, 2:49:56 PM, you wrote: I'm quite sure that this won't work... The server isn't delivering the php source, so the client will not get the source code but only the resulting code the script generated. So IMHO this is a hoax. Unless your server has phps (source view) enabled. If it has then you can see the source of any file by using the extension .phps. Awright! But then it would be possible with any browser... Unless I missed it, the OP never said it *only* happened in Opera. -- Stuart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] view source with opera
In short I think what everyone is trying to say is: it depends on how your server is setup. If you host your own servers then you need to read up on how PHP works in the chain of command and how its configured. If not, then reading up on the whole request and deliver process of HTTP where a scripting language like PHP / ASP is involved would be useful... but its unlikely that a commerical hoster would allow .php files to have their source viewd. To clear things up - if the extension you are using is being parsed by PHP (eg .php files are working correctly and a phpinfo() executes as expected) then there is *no known exploit* to get the source from that page. Thats not to say there isnt one we dont know about - and if your friend / collegue who informed you that it is possible, can ... then I would be (as would most of us on this list) most eager to find out how. If he can replicate the exploit, I have an open mind. For the record, there are only 3 ways of outputing PHP source on a properly configured webserver running PHP. 1. Placing a show_source PHP command in your PHP parsed script 2. Using .phps (only works on Unix AFAIK) 3. Outputing the code yourself using echo's / having badly formed code (eg: missing out the ?php at the begining exposing your php code as raw html). In all 3 cases it would be quite obvious (as your site would not function as intended). Also - for the record - if you cannot view the PHP source inside IE, then you cannot inside netscape, opera nor any other web browser as IE gets the same data as the rest of them (unless your doing some fancy stuff, by which you will already know the answer to most of your questions). Hope I havent been to confusing - Dan On Thursday, June 13, 2002, 2:20:29 PM, you wrote: I'm quite sure that this won't work... The server isn't delivering the php source, so the client will not get the source code but only the resulting code the script generated. So IMHO this is a hoax. Unless your server has phps (source view) enabled. If it has then you can see the source of any file by using the extension .phps. -- Stuart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] view source with opera
Unless your server has phps (source view) enabled. If it has then you can see the source of any file by using the extension .phps. Awright! But then it would be possible with any browser... Unless I missed it, the OP never said it *only* happened in Opera. but unless we are assuming the OP is a complete idiot, we can assume that it would be more than obvious! As the PHP script wouldnt execute at all! Also, this only works on a unix host, and I doubt that anyone would purposly name their files .phps blah blah. In short the answer is still no, you cannot gain the source from a functional PHP script unless it has been setup to. There is no exploit to do this with any browser. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software Systems Engineer First Creative Ltd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: RES: [PHP] view source with opera
On Thursday, June 13, 2002, 2:59:35 PM, you wrote: yes the bad guy says it only happen in opera i ask to show me how but give no response until now Let us know what he says. I think we'd all be interested. -- Stuart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
