<alani.mohammad@gmail.com> wrote:
> hi all..
>
> hope you do well
>
> I use cakephp from along and I faced a problem that I think it's a security
> issue
>
> when I request any file or directory that settle inside webroot directory.
> The URL automatically show the app/wedroot slug
>
> ex:
>
> request
>
> www.mydomian.com/css/main.css
>
> change in browser to
>
> www.mydomian.com/app/webroot/css/main.css
>
> I thing this shows up that I used cakephp. and I find it unprofessional way
> to leave such behavior
In the config for this virtual host:
-- snip --
DocumentRoot /path/to/site/app/webroot
<Directory "/path/to/site/app/webroot">
Options FollowSymLinks
# disable .htaccess
AllowOverride None
Order allow,deny
Allow from all
DirectoryIndex index.php index.html
# copied from app/webroot/.htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]
</IfModule>
</Directory>
-- snip --
--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
No comments:
Post a Comment