Issue

Here is the problem I am currently facing:

All the js and css files in cakephp's webroot executes php.

There are some js files I use that have <? and ?> strings in them.

This causes the file to throw a php exception.

In addition, I think it is bad practice for security to allow this.

I would like to keep all php functionality out of the webroot.

Even if I do a normal include for a file in the webroot, php gets executed.

Does anyone know how to disable this?

I don't mind hacking the core files to fix this issue if I have to.

Would be greatful if someone can point me in the right direction.

Solution

Just found the answer myself.

It is in lib/Cake/Routing/Filter/AssetDispatcher.php

In the function _deliverAsset near line 160

if ($ext === 'css' || $ext === 'js') {

To fix it I changed it to:

if(false){

Problem solved

Answered By - Dieter Gribnitz

Answer Checked By - David Goodson (PHPFixing Volunteer)