The process_extending_files in httpd-run script uses a directory that is in the www root

[dejanmilosavljevicteranet]

Description

In https://github.com/sclorg/httpd-container/blob/4d238482685f3926826d317e0cf18a425f504487/2.4/root/usr/bin/run-httpd line 16 processes extending files, in this path ${HTTPD_APP_ROOT}/src/httpd-pre-init/ but this path is on the path of the www root, which makes the files inside this directory readable through the http/https from outside. Should this not be in ${HTTPD_APP_ROOT}/httpd-pre-init/ so that its content is not available to external clients?