[hernano]

none of the scripts inside bb-templates should be +x

otherwise users will be able to execute them and a path will be disclosed.

example:

http://www.site.com/forums/bb-templates/kakumei/register-success.php

returns an error and a path is disclosed:

Fatal error: Call to undefined function: bb_get_header() in /server/path/disclosed/forums/bb-templates/kakumei/register-success.php on line 1

comment:

I had to +x all my files in my hosting environment to make bbpress work; this directory and its content should not be +x’ed.

(bbpress will still work if this directory is not +x’ed)

this is primarily ‘my fault’ but since I think what I did (+x’ing everything to make bbpress work) could have been done by others, I’m just making this note here.