[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Social-discuss] Security improvement for NginX (and bug tracker reg

From: Ivan Vilata i Balaguer
Subject: Re: [Social-discuss] Security improvement for NginX (and bug tracker registration)
Date: Mon, 5 Oct 2015 18:54:01 +0200
User-agent: Mutt/1.5.24 (2015-08-30)

chimo (2015-10-05 09:15:23 -0400) wrote:

> On 2015-10-05 07:18, Ivan Vilata i Balaguer wrote:
> >
> >I'm attaching a small patch to the sample NginX configuration file to
> >strengthen it a little bit against PHP files uploaded to
> >application-writable directories, to avoid e.g. a user attaching a
> >PHP file which could be run with installation user permissions.
> >Maybe GNU social already has some built-in checks for this, I
> >don't know.
> >
> >I tried to open a bug/feature request for this in the
> >[Phabricator](, but registration address
> >validation emails seem to not be sent (I've tried several times on
> >different days, checked the spam folder and the receiving server mail
> >logs, but no trace).
>   The codebase and issue tracker for GNU social has been moved to

Umm, <> still points to the Phabricator
web page, maybe it should be updated.  I was able to register in GitLab
and create [issue #78]( with
the patch attached to it.

> The .diff file you attached only contains the following on my end: "dl
> oct 5 13:18:02 CEST 2015"

Sorry, it looks like I messed it.  I'm attaching the patch (although
it's also attached to the issue above).


Ivan Vilata i Balaguer --

Attachment: serve-uploaded-php.diff
Description: Text Data

reply via email to

[Prev in Thread] Current Thread [Next in Thread]