Although this may seem obvious to most developers, if you’re using a template system, such as Smarty, there is no reason for the templates to live off of webroot. If for some reason you do need to keep your templates there, remember to add the template extension to apache, so that it treats the files as PHP. Otherwise you risk sending your PHP code directly to the browser.

This is all painfully obvious, right? We’ll not to the folks at VerticalResponse. The other day I was attempting to setup an email newsletter, but couldn’t get past the login. I was getting (split onto two lines):

So for kicks I tried the url, less everything before htdocs. To my surprise it worked, PHP code displayed exactly as it was typed in.

Curious, I tried some other templates names. I was just making guesses based off the one name I knew.

Granted these are just templates and there really isn’t anything too damaging exposed. Although I only spent five minutes doing this.

This concludes “Obvious Tips, That Aren’t So Obvious To Some - Part 1″. Part 2 begins right about…now: Turn off display_errors on your production system. Yes, I’m still talking to you VerticalResponse.

Popularity: 38% [?]