developer.jelix.org is not used any more and exists only for
history. Post new tickets on the Github account.
developer.jelix.org n'est plus utilisée, et existe uniquement pour son historique. Postez les nouveaux tickets sur le compte github.
developer.jelix.org n'est plus utilisée, et existe uniquement pour son historique. Postez les nouveaux tickets sur le compte github.
Opened 12 years ago
Closed 12 years ago
#415 closed bug (fixed)
temp directory is not protected and content of compiled ini file is readable
| Reported by: | laurentj | Owned by: | |
|---|---|---|---|
| Priority: | highest | Milestone: | Jelix 1.0.1 |
| Component: | jelix | Version: | 1.0 |
| Severity: | critical | Keywords: | temp ini security issue |
| Cc: | Blocked By: | ||
| Blocking: | Documentation needed: | ||
| Hosting Provider: | Php version: |
Description (last modified by laurentj)
If the temp directory is in the document root of the web site, we can access files into it. And for compiled ini file, we can see its content. So :
- a .htaccess should be automatically provided in the temp directory
- a "die" php instruction should be added at the beginning of a compiled ini file.
Same problème with createapp command: it doesn't generate a .htaccess in the application directory
Change History (3)
comment:1 Changed 12 years ago by laurentj
- Description modified (diff)
comment:2 Changed 12 years ago by laurentj
- Description modified (diff)
comment:3 Changed 12 years ago by laurentj
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
Fixed in the trunk and 1.0.x branch