You can't view the source of those files, what you see for example when
you go to http://xavisys.com/wp-includes/js/tinymce/tiny_mce_config.php
is the Javascript that this file is supposed to be outputting. If you
compare that to the actual contents of the file, you will see the
difference. In short, as long as your server is parsing PHP and not
sending the entire contents of the file to the browser, you should be
fine. If it worries you, you could add some deny rules to your .htaccess
crime_genius86 wrote:
http://www.yourdomain.com/wp-includes
you can directly open here, and may view all of the source file..
http://www.yourdomain.com/wp-includes/js/tinymce/tiny_mce_config.php
http://www.yourdomain.com/wp-content/themes/
it is normal people can view this? or we must fix it up??
[crime_genius86]
_______________________________________________
wp-testers mailing list
[email protected]
http://lists.automattic.com/mailman/listinfo/wp-testers
