Hugo Sales
aef1fac536
Ensure unwanted enviorment variables are removed from the actual global environment rather than just the `$_ENV` superglobal variable Disable stream wrappers, as this is an unexpected feature for most developers and can be exploited. For instance, `phar://` can be used to override any class and thus provide code execution (through `__wakeup` or `__costruct`, for instance). Not a complete solution, as `php://` can also be abused, but we can't disable it as it gets used _somewhere_ in our dependencies |
||
---|---|---|
.. | ||
assets | ||
components | ||
plugins | ||
favicon.ico | ||
index.php |