joomlaFCK <= 1.1.5
http://www.site.com/mambots/editors/fck ... nector.php
joomlaFCK 1.2.0
http://www.site.com/mambots/editors/fck ... nector.php
joomlaFCK does not allow uploading .php files, but it does allow uploading .htaccess (with Type=File or Type=files). So an AddType directive in .htaccess allows running any file as PHP.
My solution:
File:
mambots/editors/fckeditor/editor/filemanager/browser/default/connectors/php/config.php
After line 27 add:
Code:
// Added by Pavel V. Zotov 20060720
define( '_VALID_MOS', 1 );
$allowed_backend_groups = array(23,24,25);
require_once( $mosConfig_absolute_path."/globals.php" );
require_once( $mosConfig_absolute_path."/includes/joomla.php" );
session_name( md5( $mosConfig_live_site ) );
session_start();
$mainframe = new mosMainFrame( $database, '', $mosConfig_absolute_path, 1 );
$my = $mainframe->initSessionAdmin( null, null );
if( !in_array( $my->gid, $allowed_backend_groups ) ) die( 'Restricted access' );
// end of addition by Pavel V. Zotov
You should also disallow .htaccess.
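
One way to reject .htaccess and similar names at upload time, as an added example that is not part of the original post and is not joomlaFCK or FCKeditor code. The function name `fck_example_safe_upload_name` and the allow-list are hypothetical, and the file names in the loop are constructed sample input.

```php
<?php
// Added example: hypothetical helper, not taken from joomlaFCK or FCKeditor.

/**
 * Return a safe name for an uploaded file, or false to reject the upload.
 */
function fck_example_safe_upload_name($clientName, array $allowedExt)
{
    // A NUL byte can truncate the name in older PHP file functions.
    if (strpos($clientName, "\0") !== false) {
        return false;
    }
    // Keep only the last path component, whichever separator the client sent.
    $name = basename(str_replace('\\', '/', $clientName));

    // Some filesystems drop trailing dots and spaces ("x.php." becomes "x.php").
    $name = rtrim($name, ". ");

    // Dotfiles (.htaccess, .htpasswd, .user.ini) are server configuration, not content.
    if ($name === '' || $name[0] === '.') {
        return false;
    }
    // Conservative character set, with at least one extension required.
    if (!preg_match('/^[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)+$/', $name)) {
        return false;
    }
    // Check every extension, not only the last one: Apache's mod_mime can
    // pick a handler from any extension in the name ("x.php.jpg").
    $parts = explode('.', strtolower($name));
    array_shift($parts); // drop the base name
    foreach ($parts as $ext) {
        if (!in_array($ext, $allowedExt, true)) {
            return false;
        }
    }
    return $name;
}

// Constructed sample input.
$allowed = array('jpg', 'png', 'gif', 'pdf', 'txt');
$samples = array('photo.jpg', '.htaccess', 'a/../.htaccess', 'x.php.jpg', 'notes.txt.', 'report.pdf');
foreach ($samples as $n) {
    $r = fck_example_safe_upload_name($n, $allowed);
    echo str_pad($n, 16), ' => ', ($r === false ? 'REJECT' : $r), "\n";
}
```

An allow-list is used here instead of adding "htaccess" to a deny-list, so other configuration file names are rejected as well.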