developer.jelix.org is not used any more and exists only for history. Post new tickets on the Github account.

Opened 13 years ago

Closed 13 years ago

#415 closed bug (fixed)

temp directory is not protected and content of compiled ini file is readable

Reported by: laurentj
Owned by:
Priority: highest
Milestone: Jelix 1.0.1
Component: jelix
Version: 1.0
Severity: critical
Keywords: temp ini security issue
Cc:
Blocked By:
Blocking:
Documentation needed:
Hosting Provider:
Php version:

Description (last modified by laurentj)

If the temp directory is in the document root of the web site, we can access the files in it. And for a compiled ini file, we can see its content. So:

  • a .htaccess should be automatically provided in the temp directory
  • a "die" php instruction should be added at the beginning of a compiled ini file.

Same problem with the createapp command: it doesn't generate a .htaccess in the application directory.

Change History (3)

comment:1 Changed 13 years ago by laurentj

  • Description modified (diff)

comment:2 Changed 13 years ago by laurentj

  • Description modified (diff)

comment:3 Changed 13 years ago by laurentj

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in the trunk and 1.0.x branch
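
The two fixes requested in the description, as an added example that is not Jelix's own code: a deny-all .htaccess written into the temp directory, and a compiled ini file whose first line stops PHP execution. It assumes Apache honours .htaccess files and that the compiled file has a .php extension so the server executes it; the function names, file name and sample setting are hypothetical.

```php
<?php
// Added example, not Jelix code: function names, file names and the sample
// setting are hypothetical.

// Mitigation 1: deny-all .htaccess (Apache 2.4 syntax with a 2.2 fallback).
function protectDirectory(string $dir): void
{
    if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
        throw new RuntimeException("cannot create $dir");
    }
    $rules = "<IfModule mod_authz_core.c>\n  Require all denied\n</IfModule>\n"
           . "<IfModule !mod_authz_core.c>\n  Order allow,deny\n  Deny from all\n</IfModule>\n";
    if (file_put_contents("$dir/.htaccess", $rules, LOCK_EX) === false) {
        throw new RuntimeException("cannot write $dir/.htaccess");
    }
}

// Mitigation 2: the first line starts with ';', so the ini parser skips it as
// a comment, while the PHP interpreter executes the die() and stops there.
function writeCompiledIni(string $file, array $sections): void
{
    $out = ";<?php die(''); ?>\n";
    foreach ($sections as $section => $values) {
        $out .= "[$section]\n";
        foreach ($values as $key => $value) {
            if (preg_match('/["\\\\\r\n]/', (string) $value)) {
                throw new InvalidArgumentException("unsupported character in $key");
            }
            $out .= "$key = \"$value\"\n";
        }
    }
    if (file_put_contents($file, $out, LOCK_EX) === false) {
        throw new RuntimeException("cannot write $file");
    }
}

$temp = sys_get_temp_dir() . '/temp-example-' . getmypid();
protectDirectory($temp);
$file = "$temp/config.compiled.ini.php";
writeCompiledIni($file, ['db' => ['password' => 'constructed-secret']]);

// The application still reads its settings normally.
var_dump(parse_ini_file($file, true));

// Run through the PHP interpreter, as a web server would for a .php file:
// execution ends at die(), before any section or value is sent.
var_dump(shell_exec(escapeshellarg(PHP_BINARY) . ' ' . escapeshellarg($file)));
```

If the compiled file kept a plain .ini extension, the server would return it as text with the guard line and every setting, so the .htaccess rule is still needed alongside the die guard.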
