[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#39563: temp files

From: Dmitry Gutov
Subject: bug#39563: temp files
Date: Tue, 11 Feb 2020 17:15:10 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0

On 11.02.2020 13:32, Pedro Moreira wrote:
Therefore the code in that file is exposed. If an attacker tries to access files like https://domain.com/index.php~ the server wont interpret that file as php and presents it as plain text exposing the source code.

Would it be better for the server to interpret it as PHP code and allow an arbitrary visitor to run whatever intermediary version of your code that's in the backup?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]