> That's a generic example. The pitfalls page is meant to warn you
> against some inadvisable practices. It's not meant to be a config
> recipe. You should always adapt your config to your application.
> As a rule all PHP (or whatever language file) scripts should be
> enumerated in the config, if possible with exact matchings, or if
> using PATHINFO with the correct pattern.
> Otherwise you're setting yourself up for getting p0wned.

So... maybe this pitfall should also be covered in the pitfalls page and
linked to from that example?
I agree with the OP that this example is bad, and given that people
usually read the minimal amount of documentation required to solve a
task, it's likely people will be caught with this.
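
Added example, not part of the thread or of the pitfalls page: what the quoted advice (enumerate scripts with exact matches, or use a correct PATHINFO pattern) can look like, assuming the config under discussion is nginx handing requests to PHP-FPM. The host name, document root, script names (`index.php`, `api.php`) and socket path are placeholders.

```nginx
# Constructed example: names, paths and the socket are assumptions.
server {
    listen 80;
    server_name example.test;
    root /var/www/app/public;

    # Weak form, shown commented out for contrast: every URI ending in .php
    # is handed to the interpreter, whether or not it is one of the
    # application's own scripts.
    # location ~ \.php$ {
    #     include fastcgi_params;
    #     fastcgi_pass unix:/run/php/php-fpm.sock;
    # }

    # Exact match: only this one script is ever executed, and
    # SCRIPT_FILENAME is a fixed path rather than derived from the request.
    location = /index.php {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }

    # PATHINFO: the script name is anchored at the start of the URI, so only
    # /api.php and /api.php/<path-info> match.
    location ~ ^/api\.php(/.*)?$ {
        fastcgi_split_path_info ^(/api\.php)(.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }

    # Any other .php URI is refused instead of executed. Regex locations are
    # tried in order, so this must come after the enumerated ones.
    location ~ \.php(/|$) {
        return 404;
    }

    # Static files first, then the front controller (exact-match block above).
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
}
```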