Hugo Sales
aef1fac536
Ensure unwanted enviorment variables are removed from the actual global environment rather than just the `$_ENV` superglobal variable Disable stream wrappers, as this is an unexpected feature for most developers and can be exploited. For instance, `phar://` can be used to override any class and thus provide code execution (through `__wakeup` or `__costruct`, for instance). Not a complete solution, as `php://` can also be abused, but we can't disable it as it gets used _somewhere_ in our dependencies |
||
|---|---|---|
| .. | ||
| assets | ||
| components | ||
| plugins | ||
| favicon.ico | ||
| index.php | ||