- Status Unconfirmed
- Percent Complete
- Task Type Information
- Category Backend/Core
- Assigned To No-one
- Operating System All
- Severity Low
- Priority Very Low
- Reported Version 1.0-rc7
- Due in Version Undecided
-
Due Date
Undecided
- Votes
- Private
FS#2480 - Better file organization
Save public files inside public or public_html directories, and non-public files outside of those directories;
config file
vendor directory
setup logic
etc
This goes onto another question/point - why are you deleting files from the vendor directory? It happens during composer install, and again after installation? Those files will just get put back if the user ever runs composer install again...
I think this is coming from the 'just unpack the release file on your web hosting and point your browser there to continue'.
If you mean the post-update-cmd in composer.json : I just removed unnecessary stuff from vendor/dapphp/securimage/ that could lower the securimage captcha security.
Also vendor/ contains a .htaccess that deny any access there now.
Every folder that doesn't require direct file access from browser should by denied. This is currently enforced by .htaccess files.
So if your apache config doesn't support .htaccess files, denying that directories must be done by apache config files. Same for people who try experimental tries with nginx.
Which files are deleted from vendor/ after installation?