Page MenuHomePhabricator

Add shell restriction to deny access to LocalSettings.php
Closed, ResolvedPublic

Description

Suggested by Tim in the code review for https://gerrit.wikimedia.org/r/#/c/384930/

Most secret information like database passwords are kept in LocalSettings.php, so blacklisting that file by default would take away a lot of information an attacker would want.

Event Timeline

Change 396080 had a related patch set uploaded (by Legoktm; owner: Legoktm):
[mediawiki/core@master] shell: Add NO_LOCALSETTINGS restriction

https://gerrit.wikimedia.org/r/396080

Change 396080 merged by jenkins-bot:
[mediawiki/core@master] shell: Add NO_LOCALSETTINGS restriction

https://gerrit.wikimedia.org/r/396080