Please rename *.inc to *.inc.php

Priet · October 28, 2007, 06:14:19 AM

I noticed that RoundCube uses a lot of *.inc files to be included. Then it uses .htaccess to disable users to view this files via the browser (in order to hide the source code).

Why not naming these files *.inc.php? With the .php extension you know that those files contains php code and users can't access the source code via the browser. Thereby, you don't have to set all the .htaccess files. Not to forget, sometimes one can't use .htaccess files or just forgets to copy them (thus leading of the source code still accessible from outside).

In short, using *.inc.php instead of *.inc has the following advantages:

1. No more using .htaccess
2. Disabled view of the source code, even without .htaccess
3. Makes installation a bit easier

I was wondering if I'm the only one with this on his mind...

Priet · November 16, 2007, 01:30:43 PM

Any comments on this one?

Reload · November 21, 2007, 02:56:46 AM

May this is something to send to the dev. mailing list.
http://lists.roundcube.net/dev/

dina · November 25, 2007, 11:24:07 PM

I think because of security flaws/futures/hacks/whatever to download the full php files.

FliesLikeABrick · November 26, 2007, 02:27:20 PM

Makes sense to me, I don't see any reason not to

JD · March 10, 2008, 11:13:29 AM

Hello.
The dev team should improve this issue.

googlah · March 20, 2008, 04:32:35 PM

Agrees.

.htaccess-files can just be just as annoying and make problems to few. Not saying I getting issues, but heard others which had.

till · March 22, 2008, 06:39:56 PM

We read the mailinglists and like tickets on trac.

But I agree, it wouldn't hurt!

jimcavoli · March 22, 2008, 09:41:46 PM

I definitely agree.
Plus, as an added bonus, you could even toss in some header redirects once they're all php processed so that instead of actually even getting a blank page, the user will be bounced back to the login screen.

Please rename *.inc to *.inc.php

Reload

Please rename .inc to .inc.php