Page MenuHomePhabricator

Add shell restriction to deny access to LocalSettings.php
Closed, ResolvedPublic


Suggested by Tim in the code review for

Most secret information like database passwords are kept in LocalSettings.php, so blacklisting that file by default would take away a lot of information an attacker would want.

Event Timeline

Legoktm created this task.Dec 9 2017, 6:00 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 9 2017, 6:00 AM

Change 396080 had a related patch set uploaded (by Legoktm; owner: Legoktm):
[mediawiki/core@master] shell: Add NO_LOCALSETTINGS restriction

Change 396080 merged by jenkins-bot:
[mediawiki/core@master] shell: Add NO_LOCALSETTINGS restriction

Legoktm closed this task as Resolved.Dec 25 2017, 2:20 AM