Direct access to pages in single_pages directory

Permalink
I'm in the process of building a website, powered by Concrete5, for a volunteer organisation I'm a member of. This site extensively uses single pages I have just discovered that it is possible to navigate directly to them using the URL. This is about as far from ideal as possible as some of these pages contain the ability to input data into a database, leaving the site wide open to SQL injection or some other malicious attack by anyone that cares to check.

An example;

Concrete5 is set up with a single page called MyAdmin. This is located in the singe_pages folder as MyAdmin.php. Logging in to Concrete5 as a user who has permission to this page shows the page with the URLwww.www.mywebsite.com/Concrete5/MyAdmin.... Logging out and navigating to that page takes me back to the login page.

Now, navigating to a page that doesn't exist,www.www.mywebsite.com/Concrete5/single_pages/WrongPage.php... for example, brings up a Concrete5 "page not found" message. However, navigating to page that does exist at the URL brings the page up with no issues and no errors. I need to stop this from happening!

CHMOD 700 to the entire contents of doesn't seem to work. I've not tried using a .htaccess file yet although I'm wary that doing so would also prevent Concrete5 from also accessing the page.

How can I rectify this?

Thank you in advance.

 
Mnkras replied on at Permalink Best Answer Reply
Mnkras
Disable Directory listing, also, if you insert the standard C5_EXECUTE at the top of all your files, then those files cannot be accessed outside of the c5 environment.
Monkfish replied on at Permalink Reply
Thanks for the prompt response. After reading your suggestion, I have Google a poke and came across this page...http://www.altinkonline.nl/tutorials/concrete5/make-a-concrete5-sin...

I've added the line below to the top of the page code and it works exactly as required. Issue fixed! :-D

<?php defined('C5_EXECUTE') or die("Access Denied."); ?>