This was posted on joomla.org last week about joomla explorer
Quote:
I think JoomlaXplorer is an excellent component and a must have for every Joomla! installation. It makes file management a breeze. There are a few bugs here and there, but nothing a seasoned programmer can't fix.
One major issue is the webroot backtracking that happens. Found a solution on the web to fix the site root access to users on shared hosts problem:
Modify the following lines in the file {site root directory}/administrator/components/com_joomlaxplorer/.config/conf.php
else {
$GLOBALS["home_dir"] = $dir_above;
// the url corresponding with the home directory: (no trailing ‘/’)
$GLOBALS["home_url"] = substr( $mosConfig_live_site, 0, strrpos($mosConfig_live_site, ‘/’));
}
to the following…
else {
$GLOBALS["home_dir"] = $mosConfig_absolute_path;
// the url corresponding with the home directory: (no trailing ‘/’)
$GLOBALS["home_url"] = $mosConfig_live_site;
}
This will fix the security hole with JoomlaXPlorer, and allow users only to access folders in their own joomla installation, allthough you should also chown and chmod the conf.php file to an administrator account to prevent users from modifying it.
|
Seems its still a bit buggy