|Subject:||bug#39563: temp files|
|Date:||Tue, 11 Feb 2020 11:32:56 +0000|
|User-agent:||Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1|
Hello!if a user edits a php file using emacs directly at the webserver, emacs automatically saves a temp file at the same location, for example the user opens index.php, emacs stores a copy index.php~.
Therefore the code in that file is exposed. If an attacker tries to access files like https://domain.com/index.php~ the server wont interpret that file as php and presents it as plain text exposing the source code.
I know this could be resolved with webserver configuration. But it is a problem i just discovered and leaves me very unconfortable using emacs.
Maybe should be better the temp file beying stored like index~.php or index.bck.php.
|[Prev in Thread]||Current Thread||[Next in Thread]|