Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+3 votes
2.5k views
in Q2A Core by

http://question2answer.org/qa/qa-include/qa-check-lang.php

Everybody can access it...

I know it's not that important but you could find out the installed plugins using this file when the plugin uses a language file.

qa-check-lang

by
Holy crap, I tested on my site and it came up with a PHISHING warning! This really ought to just be one of the admin pages instead of a raw PHP file.
by
edited by
you got hacked ;)
(kidding)

PS: phishing warning of the browser or of the virus scanner? Which one?
by
Phishing warning from Google Chrome. All the other pages on my site are perfectly fine. There was a link to 'report' the page as safe, which I did just in case it affects the rest of the site.

1 Answer

0 votes
by
It's publicly accessible because I wanted to make life easy for language developers. It's not a security threat per se, since all it does is read files and output stuff. But I take the point about it revealing if certain plugins are installed. If this bothers you, the file is easy to remove. I will think about this for the next maintenance version.
by
Since the file is basically dependent on your admin settings (i.e. your chosen language), IMO it would make sense to have an admin page at example.com/admin/langcheck.
by
Actually it checks all installed languages independent of which is selected.
by
Oh, OK. Well regardless it may as well be a page in the admin area. The link to the file is in the admin area, so most people are going to be logged in as admin when they go to that page.
...