On Friday 04 April 2014 07:13:39 Rasmus Lerdorf wrote: > > http://www.php.net/cached.php?t=1396464012&f=/cached.php > Unless you can show files outside of the docroot, this is not a bug. All the > source code for the site is public and anyone can view it on git.php.net. > We used to also have a "show source" right on the site. cached.php has code > in place to prevent it from accessing anything outside the docroot.
Code (realpath comparison to documentroot) looks fine in that regard. Got me thinking, though: would it be okay, and maybe good to put into the example on the mirroring page, to paranoidly run the rsync for the mirrors with the --safe-links option? Right now I can find no symlinks at all in phpweb, but that would still permit in-tree symlinking. best regards Patrick -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
