.htaccess only blocks .tpl theme files (as used by the Smarty engine) and not .tpl.php files (as used by phpTemplate). Since both template files can contain PHP code, but should never be run by themselves, bad things could happen if they were directly accessed. Here, we modify our FilesMatch to block both .tpl and .tpl.php.

CommentFileSizeAuthor
_tplphp.patch748 bytesMorbus Iff
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

moshe weitzman’s picture

moshe weitzman CreditAttribution: moshe weitzman commented
Status: Needs review » Reviewed & tested by the community
killes@www.drop.org’s picture

killes@www.drop.org CreditAttribution: killes@www.drop.org commented
Status: Reviewed & tested by the community » Fixed

applied

Anonymous’s picture

(not verified) CreditAttribution: commented
Status: Fixed » Closed (fixed)