News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

SSI.php and ssi_examples.php

Started by ArMaP, February 01, 2025, 03:25:51 PM

Previous topic - Next topic

ArMaP

I "inherited" an SMF forum, and after some time trying to get it back online (it was outdated) with the most recent forum version, I noticed two files on the forum's root folder, "SSI.php" and "ssi_examples.php".

When I tried to open those files on my browser I noticed they disclose the forum's absolute path, which I suppose is not optimal from a security point of view.

Can I remove those files or are they needed by the forum code?
If I cannot remove them, what should I do to stop them from showing the absolute path for the forum files?

Thanks in advance and sorry if this has been asked, I searched for it but couldn't find any topic about this specific problem.

Kindred

SSI.php will not run by itself. It's a file to be included in other scripts in order t display SMF content outside of SMF itself.  so there is no way that it "reveals the forum path"


ssi_examples.php is a file that has examples of what the SSI functions do... but it uses smf permissions...   if you view it as a guest, you don't see the path -- only if you view it as an admin do you see that.

in other words, they are not a security problem.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Aleksi "Lex" Kilpinen

SSI.php should not run on it's own, and should not expose anything, as Kindred said.

Both the SSI_examples are safe to remove if you don't need them. They are just examples of what SSI can do.
But, ours is here if you want a look https://www.simplemachines.org/community/ssi_examples.php



Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

ArMaP

Thanks to both.

I didn't think of looking at those files without being logged in, so I saw the full path and got worried about it.

Case closed. :)

Advertisement: