Protect your templates

Protect your templates

This module disallows direct access to .tpl files.   The index.php in the template directory only protects you if someone enters the root of a particular directory.


However if they know the exact file name they are looking for, it is   very possible that the contents of the file will be output into the   browser. Particularly for Smarty .tpl files.

Coupled with the fact that it seems that many are using the Smarty   {php} tag (not recommended by Smarty authors btw) which could include   sensitive information.

Be Sociable, Share!

Leave a comment