[WIP] Check that .blade.php cannot be accessed remotely #21
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Should this be cached, or should it be a manual check via wp-cli? Should this throw an error or show a more polite notification/alert? What sort of options/filters should be implemented?
Should we instead put this on the ViewServiceProvider and iterate over all view paths within the document root and select an actual .blade.php from each path to ensure all paths are protected?
Not sure how crazy we want to get with this. I'm personally of the mindset that this is outside the scope of Sage and Acorn, and I'd be in favor of completely removing it. But if we do want it, my preference would be to implement it as a wp-cli command.