Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #3191389 by anmolgoyal74, greggles, larowlan, mcdruid, pwolanin, brayfe: File Inclusion issue security hardening

merge-requests/3271/head
Alex Pott 2023-01-20 14:18:55 +00:00
parent de66aa9334
commit 86bced910a
No known key found for this signature in database
GPG Key ID: BDA67E7EE836E5CE
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.ht.router.php
View File

@ -24,6 +24,12 @@
* @see http://php.net/manual/en/features.commandline.webserver.php * @see http://php.net/manual/en/features.commandline.webserver.php
*/ */
if (PHP_SAPI !== 'cli-server') {
// Bail out if this is not PHP's Development Server.
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
exit;
}
$url = parse_url($_SERVER['REQUEST_URI']); $url = parse_url($_SERVER['REQUEST_URI']);
if (file_exists(__DIR__ . $url['path'])) { if (file_exists(__DIR__ . $url['path'])) {
// Serve the requested resource as-is. // Serve the requested resource as-is.

6
core/assets/scaffold/files/ht.router.php
View File

@ -24,6 +24,12 @@
* @see http://php.net/manual/en/features.commandline.webserver.php * @see http://php.net/manual/en/features.commandline.webserver.php
*/ */
if (PHP_SAPI !== 'cli-server') {
// Bail out if this is not PHP's Development Server.
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
exit;
}
$url = parse_url($_SERVER['REQUEST_URI']); $url = parse_url($_SERVER['REQUEST_URI']);
if (file_exists(__DIR__ . $url['path'])) { if (file_exists(__DIR__ . $url['path'])) {
// Serve the requested resource as-is. // Serve the requested resource as-is.