Hi everyone, I'm attaching a small patch to the sample NginX configuration file to strengthen it a little bit against PHP files uploaded to application-writable directories, to avoid e.g. a user attaching a PHP file which could be run with installation user permissions. Maybe GNU social already has some built-in checks for this, I don't know.
I tried to open a bug/feature request for this in the [Phabricator](https://bugz.foocorp.net/), but registration address validation emails seem to not be sent (I've tried several times on different days, checked the spam folder and the receiving server mail logs, but no trace). Cheers, -- Ivan Vilata i Balaguer -- https://elvil.net/
dl oct 5 13:18:02 CEST 2015
