[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#39563: temp files

From: Pedro Moreira
Subject: bug#39563: temp files
Date: Tue, 11 Feb 2020 11:32:56 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1


if a user edits a php file using emacs directly at the webserver, emacs automatically saves a temp file at the same location, for example the user opens index.php, emacs stores a copy index.php~.

Therefore the code in that file is exposed. If an attacker tries to access files like https://domain.com/index.php~ the server wont interpret that file as php and presents it as plain text exposing the source code.

I know this could be resolved with webserver configuration. But it is a problem i just discovered and leaves me very unconfortable using emacs.

Maybe should be better the temp file beying stored like index~.php or index.bck.php.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]