On Wed, 5 Aug 2020 17:28:47 +1000 <dcook@prosentient.com.au> wrote:
We should move all the .tt files out of the /usr/share/koha/intranet/htdocs and /usr/share/koha/opac/htdocs directories and put them somewhere private like /usr/share/koha/tt or /usr/share/koha/templates.
At the moment, Apache is serving these files to anyone who asks for them, and it really shouldn't.
Why shouldn't it? Do they contain anything sensitive that people couldn't discover by looking in the koha sources?
Having these files in the "htdocs" directories also makes it harder to manage actual static assets that are served to Koha users.
That seems like a far stronger reason not to do it.
I've opened a Bugzilla report for it: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26140
Cool. Thanks. Regards, -- MJR http://mjr.towers.org.uk/ Member of http://www.software.coop/ (but this email is my personal view only)