awslabs / aws-crt-php

Apache License 2.0

Protect non-declarative scripts #54

Closed gboddin closed 1 year ago

gboddin commented 2 years ago

gen_api.php and gen_stub.php should be removed from the codebase or their PHP extension should be dropped.

At the moment, anyone accessing /vendor/awslabs/aws-crt-php/gen_api.php can use it as a POST repeater.

It is also possible to populate $_SERVER["argv"][1] with: /vendor/awslabs/aws-crt-php/gen_api.php?arg0+/etc/passwd

$argv usually stays undefined but PHP settings to turn it on are available.
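The two problems described above (a build script reachable through the web server, and $_SERVER["argv"] being filled from the query string when register_argc_argv is on) are both addressed by refusing to run outside the CLI SAPI. The following is an added example of such a guard, not code from aws-crt-php; the function names `requireCli` and `cliArgs` and the "input file must live under the script directory" rule are this example's own assumptions.

```php
<?php
// Added example (not part of aws-crt-php): a guard for build-only scripts such as
// gen_api.php so they refuse to run when reached through a web server.
// Assumes PHP 7.4 or newer; nothing below is project API.

declare(strict_types=1);

/**
 * Abort unless the script was started from the command line.
 * Under a web SAPI (apache2handler, fpm-fcgi, cgi-fcgi, ...) we answer 403 and stop,
 * so the script can neither act as a request repeater nor read files named in the query string.
 */
function requireCli(): void
{
    if (PHP_SAPI !== 'cli') {
        http_response_code(403);
        header('Content-Type: text/plain');
        echo "This script is a build tool and may only be run from the command line.\n";
        exit(1);
    }
}

/**
 * Return the script arguments after the script name.
 * With register_argc_argv=On a web request such as ?arg0+/etc/passwd also populates
 * $_SERVER['argv'], so $argv is only read after requireCli() has passed.
 */
function cliArgs(): array
{
    requireCli();
    return array_slice($GLOBALS['argv'] ?? [], 1);
}

requireCli();
$args = cliArgs();
if (count($args) !== 1) {
    fwrite(STDERR, "usage: php gen_api.php <input-file>\n");
    exit(2);
}

// Constrain the input path to the directory that holds this script (assumed layout),
// so an argument cannot point at an arbitrary file elsewhere on the host.
$root = realpath(__DIR__);
$inputPath = realpath($args[0]);
if ($inputPath === false || strpos($inputPath, $root . DIRECTORY_SEPARATOR) !== 0) {
    fwrite(STDERR, "input must be a file inside " . $root . "\n");
    exit(2);
}

echo "would generate API from " . $inputPath . "\n";
```

Because the check runs before any argument handling, a request routed to the file through a web server gets a 403 and no further code executes. This complements, rather than replaces, keeping the scripts out of the shipped package and denying web access to the /vendor directory at the web server.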

TingDaoK commented 1 year ago

https://github.com/awslabs/aws-crt-php/pull/88 this should remove those scripts from the composer package.

gboddin commented 1 year ago

My PHP became a bit rusty but it seems the files are still there.

It looks like the build scripts are to package PECL/Pear, wouldn't composer still download the files and place them in /vendor ?

(Side note: during research, a few Docker images running PHP have been found with register_argc_argv set to true.)

TingDaoK commented 1 year ago

We are still working on that; it hasn't merged yet.

TingDaoK commented 1 year ago

The new release (v1.1.0) has been cut; it should fix the issue.