Michal Čihař wrote:
Hi all
While speaking with a friend about some recent security issues, we came to
a quite obvious idea, that access to the /libraries folder should be disabled
(by providing a .htaccess file and suggesting the same configuration in
documentation) and all stuff that needs direct access should go out of
this folder. Stuff that I quickly found that needs to be moved:
- *.js - create /js folder for it?
- libraries/transformations/overview.php - should be IMHO in root anyway
Is there something else I missed? Any comments on implementing this in
the 2.7.0 branch?
As IMO this is an improvement for security in general (path disclosure) and not
a direct problem we have with 2.7.0, I would prefer to leave 2.7.0 as is and start
moving stuff in HEAD.
Marc
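
One way to check what still needs direct access before web access to /libraries is denied, as an added example that is not part of the original thread or the project's code: it lists files under libraries/ that markup asks the browser to fetch, which are the ones that would have to move. The function names and the sample tree are constructed for illustration, and URLs are assumed to be written relative to the application root.

```python
import re
import tempfile
from pathlib import Path

# Attributes through which a browser requests a URL itself. Server-side
# require/include statements are not matched: they keep working after the
# folder is closed to web requests.
REF = re.compile(r"""\b(?:src|href|action)\s*=\s*\\?["']([^"'?#\\]+)""", re.I)

def direct_references(root, blocked="libraries"):
    """Map each browser-requested file under `blocked`/ to the files referencing it."""
    root = Path(root)
    hits = {}
    for page in sorted(root.rglob("*")):
        if page.suffix not in {".php", ".html", ".js"} or not page.is_file():
            continue
        for url in REF.findall(page.read_text(errors="replace")):
            # Assumption: URLs are relative to the application root.
            target = url[2:] if url.startswith("./") else url
            if target.startswith(blocked + "/"):
                hits.setdefault(target, []).append(page.relative_to(root).as_posix())
    return hits

def build_sample(root):
    """Write a small constructed source tree (not real project files)."""
    files = {
        "index.php": '<script src="libraries/example.js"></script>\n'
                     "<?php require './libraries/example.lib.php'; ?>\n",
        "left.php": '<a href="./libraries/transformations/overview.php?lang=en">x</a>\n',
        "libraries/example.js": "// constructed sample\n",
        "libraries/example.lib.php": "<?php echo '<img src=\"themes/logo.png\">'; ?>\n",
        "libraries/transformations/overview.php": "<?php // constructed sample ?>\n",
    }
    for name, body in files.items():
        path = Path(root) / name
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for target, sources in sorted(direct_references(tmp).items()):
            print(f"{target}  <- requested by {', '.join(sources)}")
```
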