aboutsummaryrefslogtreecommitdiffstats
path: root/guides/source
diff options
context:
space:
mode:
authorGeorge Claghorn <george.claghorn@gmail.com>2018-08-03 18:09:25 -0400
committerGitHub <noreply@github.com>2018-08-03 18:09:25 -0400
commita69394e9fd7ef826bdd35f10f054405ecd6760cf (patch)
treeae33939f55f34ce71aaee1af803c6c8c1d20f52c /guides/source
parentceac9bfb24e94fcb68211c3b90397a1862204b7f (diff)
parentdd435da5b380fdc302570a9225f189e7e313f01f (diff)
downloadrails-a69394e9fd7ef826bdd35f10f054405ecd6760cf.tar.gz
rails-a69394e9fd7ef826bdd35f10f054405ecd6760cf.tar.bz2
rails-a69394e9fd7ef826bdd35f10f054405ecd6760cf.zip
Merge pull request #33507 from jackc/patch-1
Fix file upload location recommendation
Diffstat (limited to 'guides/source')
-rw-r--r--guides/source/security.md2
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md
index 4e12a831a9..9fbd252bb7 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -419,7 +419,7 @@ WARNING: _Source code in uploaded files may be executed when placed in specific
The popular Apache web server has an option called DocumentRoot. This is the home directory of the web site, everything in this directory tree will be served by the web server. If there are files with a certain file name extension, the code in it will be executed when requested (might require some options to be set). Examples for this are PHP and CGI files. Now think of a situation where an attacker uploads a file "file.cgi" with code in it, which will be executed when someone downloads the file.
-_If your Apache DocumentRoot points to Rails' /public directory, do not put file uploads in it_, store files at least one level downwards.
+_If your Apache DocumentRoot points to Rails' /public directory, do not put file uploads in it_, store files at least one level upwards.
### File Downloads