> Sorry if this has been mentioned before but: > > Many of the plugins available for download do not have an index.php file > to redirect users to the login page if they try to execute code in the > plugin directory. > > This means that code in these plugin directories can be executed by > users.
This means that plugin's directory can be listed on webserver. Disable automatic directory indexing, if you want. When index.php is present, plugins can be executed too. You just need to call them without using directory listing. Some of the plugins need to be executed by end user, because they use extra pages, that are not inserted throught hooks. -- Tomas ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click -- squirrelmail-users mailing list List Address: [EMAIL PROTECTED] List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
