|
From: | Pedro Moreira |
Subject: | bug#39563: temp files |
Date: | Tue, 11 Feb 2020 11:32:56 +0000 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 |
Hello!if a user edits a php file using emacs directly at the webserver, emacs automatically saves a temp file at the same location, for example the user opens index.php, emacs stores a copy index.php~.
Therefore the code in that file is exposed. If an attacker tries to access files like https://domain.com/index.php~ the server wont interpret that file as php and presents it as plain text exposing the source code.
I know this could be resolved with webserver configuration. But it is a problem i just discovered and leaves me very unconfortable using emacs.
Maybe should be better the temp file beying stored like index~.php or index.bck.php.
Thanks
[Prev in Thread] | Current Thread | [Next in Thread] |