cosmocode / dokuwiki-plugin-farmer

Completely manages a DokuWiki farm setup
https://www.dokuwiki.org/plugin:farmer
GNU General Public License v2.0

Animal directories are not protected #74

Open bamyasi opened 2 years ago

bamyasi commented 2 years ago

When a new animal is created via the plugin's Add new Animal tab, no .htaccess files are copied/created to protect its 'data' and 'conf' directories from improper access. Hence, typing a fully qualified URL, e.g. http://localhost/farm/animal/data/, will produce an index of all files in the animal's data directory. Same for the conf directory. This could potentially compromise site security.

splitbrain commented 2 years ago

Animals should be created outside the web server's document root. Adding a .htaccess for good measure might be a good idea anyway. PR welcome.
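
A way to check an existing farm for the gap described in this issue, as an added example that is not part of the thread or the plugin's code. It assumes each animal is a subdirectory of the farm directory with its own `data/` and `conf/` (as in the URL above); the function names and the `fix` argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit a DokuWiki farm for animals whose data/ and conf/
# directories have no .htaccess, and optionally write a deny-all file.
# Assumed layout: FARMDIR/<animal>/data and FARMDIR/<animal>/conf.

# Write deny-all rules: Apache 2.4 (mod_authz_core) with a 2.2 fallback.
write_deny_htaccess() {
    cat > "$1/.htaccess" <<'EOF'
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
</IfModule>
EOF
}

# audit_farm FARMDIR [fix]
# Prints every animal data/ or conf/ directory that lacks an .htaccess.
# Returns 0 when nothing is left unprotected, 1 otherwise.
audit_farm() {
    farm=$1; mode=${2:-report}; missing=0
    for animal in "$farm"/*; do
        [ -d "$animal" ] || continue
        for sub in data conf; do
            dir="$animal/$sub"
            [ -d "$dir" ] || continue
            [ -f "$dir/.htaccess" ] && continue
            echo "$dir"
            if [ "$mode" = fix ]; then
                # In fix mode a directory only counts if the write fails.
                write_deny_htaccess "$dir" || missing=1
            else
                missing=1
            fi
        done
    done
    return "$missing"
}

# Usage: audit_farm /path/to/farm        (report only)
#        audit_farm /path/to/farm fix    (write missing .htaccess files)
```

The `.htaccess` file only takes effect on Apache with `AllowOverride` enabled for that path; other web servers ignore it, which is why keeping animals outside the document root remains the primary control.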