Commit: 293c89ed3eb3a2dd6d739370a541b775ecb123ac Author: Rasmus Lerdorf <[email protected]> Thu, 10 Apr 2014 02:40:21 -0700 Parents: 7ed703b0d0f3c19604794094f9a900e5daeef2a8 Branches: master
Link: http://git.php.net/?p=web/php.git;a=commitdiff;h=293c89ed3eb3a2dd6d739370a541b775ecb123ac Log: *sigh* Changed paths: M cached.php Diff: diff --git a/cached.php b/cached.php index a716a7a..01c2544 100644 --- a/cached.php +++ b/cached.php @@ -1,4 +1,15 @@ <?php +/* + Yes, we know this can be used to view the source for any file + in the docroot directory. This is intentional and not an LFI + vulnerability. The source code for everything in the docroot + is publicly available at + + https://github.com/php/web-php + + so there is no vulnerability here. You can't use this to view + anything that is private. +*/ $_SERVER['BASE_PAGE'] = 'cached.php'; include_once 'include/prepend.inc'; -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
