Commit:    7c878f6e5fbd62c041780bbed83b6e1f94e52b10
Author:    Rasmus Lerdorf <[email protected]>         Thu, 10 Apr 2014 02:40:21 -0700
Parents:   041e2f624d3bdbd095bf28781a15a0f195163b1c
Branches:  master

Link:       http://git.php.net/?p=web/php.git;a=commitdiff;h=7c878f6e5fbd62c041780bbed83b6e1f94e52b10

Log:
*sigh*

Changed paths:
  M  cached.php


Diff:
diff --git a/cached.php b/cached.php
index a716a7a..01c2544 100644
--- a/cached.php
+++ b/cached.php
@@ -1,4 +1,15 @@
 <?php
+/*
+  Yes, we know this can be used to view the source for any file
+  in the docroot directory. This is intentional and not an LFI
+  vulnerability. The source code for everything in the docroot
+  is publicly available at 
+
+    https://github.com/php/web-php
+
+  so there is no vulnerability here. You can't use this to view
+  anything that is private.
+*/  
 $_SERVER['BASE_PAGE'] = 'cached.php';
 include_once 'include/prepend.inc';
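
Review bot: The new header comment in cached.php asserts "You can't use this to view anything that is private", but it does not name the check that keeps reads inside the docroot, so the claim cannot be verified from these lines and a later edit to the path handling could break it without anyone noticing. Suggest the comment point at the code that constrains the requested path, and state the invariant it relies on: the resolved path must stay within the docroot, and nothing non-public may ever be placed there. Minor style point: the added lines "is publicly available at " and "*/  " carry trailing whitespace.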


--
PHP Webmaster List Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
