|
Re: ATTENTENTION Webmasters - possible security vulnerability on school networks
unfortunatley, the only person with contact info for moodle (other than the non-responsive online suport email) is the tech coord at our school, and he's on vacation.
my friend and i hand-coded the pages (there are several, but all are "included" by index.php)i've looked through every script, and none of them reference external files; whenever i get a new script or such that does, i download the source (if it's creative commons) and tweak it, removing any external references.
oddly, the only place that the code shows up is the "rendered" source. the files on our server are clean.
we'll be contacting moodle as soon as our tech gets back.
another funny thing, making me think that this has nothing to do with the code, is that when we renamed index.php to index1.php, the problem went away, for a couple days, but, so did our site (index1 will not get auto-called like index)
thanks for the ideas,
-Z
|