-
- 2,877 Posts
I really recommend people who are using Apache to implement
following htaccess rules:
/assets/.htaccess
# Restrict direct access to script file types and templates
<FilesMatch "\.(php|tpl)$">
Order allow,deny
Deny from all
</FilesMatch>
In this case index-ajax.php was in root and made me vulnerable, but this removes direct access to all php files in assets folder.
https://github.com/modxcms/evolution/pull/266
Update: "Some multiTV options will not work with that. But I will try to add a .htaccess in the multiTV folder."--Jako
[ed. note: mrhaw last edited this post 9 years, 10 months ago.]
-
- 195 Posts
When upgrading AjaxSearch to this version on MODX 1.0.10, I encounter this issue:
Fatal error: Call to undefined method DBAPI::freeResult() in PATH\TO\MODX\assets\snippets\ajaxSearch\classes\ajaxSearchRequest.class.inc.php on line 69
Strange... Is this method applied to a more recent MODX version?