I setup the template installer for JD Guerrilla to see how things were laid out and noticed some weirdness going on and not sure why? There is a folder and two files that are in the root directory that I have never seen before and wondering why they are there and what are the potential security issues for someone that might be using this to build a live site from?
The directory is a folder called "template" (not to be confused with "templates" which is supposed to be there). In this folder are all the files for the template that are also in the templates folder and the templateDetails.xml show this to be the case. So what gives with this being in the root directory where it is not being used?
Second is after the install and the install directory is removed there are two files left over from what I can only assume is part of the install, even though it is not the proper location for these files.
The first of the above is the post flight file whIch I guess is used for install of the package? The second however is not even for the Guerrilla template and instead the description says it is for JD Consult but it does reference the installer script file which is concerning. So again what gives with these files? For me its not a big deal but what about someone that does not really know what they are doing and these are left there and while trying to access these files does return a resticted aceess (note the bad spelling) message, but the fact that they are there one has to ask what the potential a bad actor might be able to do with these on a server that is poorly configured?
It could be that the test files weren't cleaned up while the installer was being packaged.
The structure you are describing is of a standard template folder. Are you positive you didn't extracted the template into the quickstart folder manually (un-intentionally of-course). we will investigate things on our end too.
Either way, you can delete the installer (xml and php) and the template folder as it shouldn't effect operations at all.
If you like our support and products, tweet us at joomdev and let the world know about it.
JoomDev is not affiliated with or endorsed by Open Source Matters or the Joomla! Project. The Joomla! logo is used under a limited license granted by Open Source Matters the trademark holder in the United States and other countries.