Why is arbitrary code execution (even if it’s HMAC signed), an allowed thing in Symfony based websites? Why isn’t the code to be executed whitelisted against a list of controllers or the like?
🇬🇧 The UK geoblock is lifted, hopefully permanently.
Why is arbitrary code execution (even if it’s HMAC signed), an allowed thing in Symfony based websites? Why isn’t the code to be executed whitelisted against a list of controllers or the like?