bug#39563: temp files

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#39563: temp files

From:	Pedro Moreira
Subject:	bug#39563: temp files
Date:	Tue, 11 Feb 2020 11:32:56 +0000
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1

Hello!

if a user edits a php file using emacs directly at the webserver, emacsautomatically saves a temp file at the same location, for example theuser opens index.php, emacs stores a copy index.php~.

Therefore the code in that file is exposed. If an attacker tries toaccess files like https://domain.com/index.php~ the server wontinterpret that file as php and presents it as plain text exposing thesource code.

I know this could be resolved with webserver configuration. But it is aproblem i just discovered and leaves me very unconfortable using emacs.

Maybe should be better the temp file beying stored like index~.php orindex.bck.php.


Thanks

[Prev in Thread]

Current Thread

[Next in Thread]

bug#39563: temp files, Pedro Moreira <=
- bug#39563: temp files, Andreas Schwab, 2020/02/11
- bug#39563: temp files, Dmitry Gutov, 2020/02/11
- bug#39563: temp files, Corwin Brust, 2020/02/11

Prev by Date: bug#37659: rx additions: anychar, unmatchable, unordered-or
Next by Date: bug#39564: 28.0.50; read-key function do not display the prompt if called from read-from-minibuffer
Previous by thread: bug#37659: rx additions: anychar, unmatchable, unordered-or
Next by thread: bug#39563: temp files
Index(es):
- Date
- Thread