From 93e0d14748a4218c8eb11424624751caad39d10f Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Sun, 28 Apr 2024 09:02:22 +0200 Subject: [PATCH] system: deny access to .core files from web GUI --- src/etc/inc/plugins.inc.d/webgui.inc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/etc/inc/plugins.inc.d/webgui.inc b/src/etc/inc/plugins.inc.d/webgui.inc index 39899bb91..ed0a42df2 100644 --- a/src/etc/inc/plugins.inc.d/webgui.inc +++ b/src/etc/inc/plugins.inc.d/webgui.inc @@ -350,10 +350,11 @@ mimetype.assign = ( ## deny access the file-extensions # -# ~ is for backupfiles from vi, emacs, joe, ... -# .inc is often used for code includes which should in general not be part -# of the document-root -url.access-deny = ( "~", ".inc" ) +# ~ is for backupfiles from vi, emacs, joe, ... +# .core is for core dumps that may be created during PHP execution +# .inc is often used for code includes which should in general not be part +# of the document-root +url.access-deny = ( "~", , ".core", ".inc" ) ######### Options that are good to be but not necessary to be changed #######