Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I try to read Claroline source code to learn from their coding.
In index.php file, at the first line of code, they write
unset($includePath); // prevent hacking
You can see full claroline source code from here.
They commented that the line is used to prevent hacking..
I have no idea why should they unset $includePath while the variable is never defined before that line..
What is the purpose of that line of code do actually, and what hacking type that they means?
I have not looked at the source myself, but a bit of searches gives the following kind of security advisory :
Claroline mambo.inc.php and postnuke.inc.php "includePath" file include
Note that this relies on [**`register_globals`**][2] being enabled, which :