Closed GoogleCodeExporter closed 9 years ago
I don't see anything to profit from in your sample. There's nothing in the
dompdf code that can't be seen publicly already (except *maybe* some info in
dompdf_config.inc.php). Yes, in 0.5.1 there are some serious security problems,
but we are working to improve the hardening of DOMPDF as a whole. In 0.5.2+ we
have already provided the ability for users to restrict the directory from
which files can be pulled for rendering (see DOMPDF_CHROOT).

Additionally, while we are working on making dompdf.php more secure we're
leaning towards recommending that users not expose it publicly. Once 0.6.0
final is released we will complete the documentation, including information
regarding security considerations.

If you have any suggestions for how to further improve security we'd be happy
to hear them.
Original comment by eclecticgeek on 11 May 2011 at 4:20
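
The comment above refers to restricting the directory from which files can be pulled for rendering. The following is an added illustration of that kind of containment check, not part of the original comment and not dompdf's own code; `is_inside_chroot()` and the temporary directory tree are hypothetical and constructed for the example.

```php
<?php
// Added illustration, not dompdf source. is_inside_chroot() is a hypothetical
// helper; the directory tree below is constructed sample data.
function is_inside_chroot(string $path, string $chroot): bool
{
    $root = realpath($chroot);
    $real = realpath($path);  // resolves "..", "." and symlinks; false if missing
    if ($root === false || $real === false) {
        return false;         // fail closed on anything that cannot be resolved
    }
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    // Compare with a trailing separator so a sibling such as "docs-private"
    // is not accepted as being under "docs".
    return strncmp($real . DIRECTORY_SEPARATOR, $root, strlen($root)) === 0;
}

// Constructed sample tree under the system temp directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'chroot_demo_' . getmypid();
mkdir("$base/docs", 0700, true);
mkdir("$base/docs-private", 0700, true);
file_put_contents("$base/docs/invoice.html", '<p>ok</p>');
file_put_contents("$base/docs-private/secret.html", '<p>no</p>');
file_put_contents("$base/config.inc.php", '; constructed settings file');

$chroot = "$base/docs";
$cases = [
    "$base/docs/invoice.html"        => true,   // inside the allowed directory
    "$base/docs/../config.inc.php"   => false,  // ".." climbs out of it
    "$base/docs-private/secret.html" => false,  // shares a name prefix only
    "$base/docs/missing.html"        => false,  // cannot be resolved
];
foreach ($cases as $path => $expected) {
    $got = is_inside_chroot($path, $chroot);
    printf("%-5s %s\n", $got ? 'allow' : 'deny', substr($path, strlen($base)));
    if ($got !== $expected) {
        throw new RuntimeException("unexpected result for $path");
    }
}

// Remove the constructed tree.
unlink("$base/docs/invoice.html");
unlink("$base/docs-private/secret.html");
unlink("$base/config.inc.php");
rmdir("$base/docs");
rmdir("$base/docs-private");
rmdir($base);
```
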
Original comment by eclecticgeek on 30 May 2013 at 5:15
Original issue reported on code.google.com by alex....@gmail.com on 11 May 2011 at 2:33