Hello.
As I was upgrading my EA4-managed PHP7 installation to add a few modules, I kept reloading a particular PHP page and at one point it returned all my PHP source code, as if - for that moment - PHP support in Apache failed and the server chose to simply display my source directly. This is obviously a security concern, as database passwords or other critical data may get exposed that way. I'm thus not very willing to try to reproduce the issue again, as I don't have completely separate, non-production cPanel installations at the moment. Can you verify if there is, at any point during the provisioning, a brief time where PHP could be disabled but Apache still running?
As I was upgrading my EA4-managed PHP7 installation to add a few modules, I kept reloading a particular PHP page and at one point it returned all my PHP source code, as if - for that moment - PHP support in Apache failed and the server chose to simply display my source directly. This is obviously a security concern, as database passwords or other critical data may get exposed that way. I'm thus not very willing to try to reproduce the issue again, as I don't have completely separate, non-production cPanel installations at the moment. Can you verify if there is, at any point during the provisioning, a brief time where PHP could be disabled but Apache still running?
Last edited:
