Greg Beaver de5aaaa74c fix potentially major security hole: modification/creation of files in .phar directory enabled in many locations ...

which then allows easy creation of tar/zip-based phar archives with a simple rename even when phar.readonly=1.  Plug the hole very tightly, allowing read access to
files, and also excluding them from opendir() output

2008-05-15 16:09:01 +00:00

1.6 KiB

Raw Blame History

View Raw