@ringmaster:
This is a great plugin, but there a security issue that concerns me: a hacker can use this plugin to look at any text file. For example, if you type:
https://www.domain.com/index.php?static=.htaccess
on most websites using your plugin, this will simply outout the .htaccess contents. And you can do this for any file.
Is it possible for you to make an optional list of “allowed static pages”? Say I want ezstatic to only show about.php, archives.php, contact.php and nothing else, can there be an array in the php code where i can specify ‘about’,’archives’,’contact’ as the only pages that the plugin should process?
