Issue #2989262 by Daniel Korte, Kristen Pol: Escape all RewriteCond/RewriteRule .htaccess dots
Alex Pott
parent
38d02d6e4b
commit
952c086697
10
.htaccess
10
.htaccess
|
|
@ -116,13 +116,13 @@ AddEncoding gzip svgz
|
|||
# RewriteBase /
|
||||
|
||||
# Redirect common PHP files to their new locations.
|
||||
RewriteCond %{REQUEST_URI} ^(.*)?/(install.php) [OR]
|
||||
RewriteCond %{REQUEST_URI} ^(.*)?/(rebuild.php)
|
||||
RewriteCond %{REQUEST_URI} ^(.*)?/(install\.php) [OR]
|
||||
RewriteCond %{REQUEST_URI} ^(.*)?/(rebuild\.php)
|
||||
RewriteCond %{REQUEST_URI} !core
|
||||
RewriteRule ^ %1/core/%2 [L,QSA,R=301]
|
||||
|
||||
# Rewrite install.php during installation to see if mod_rewrite is working
|
||||
RewriteRule ^core/install.php core/install.php?rewrite=ok [QSA,L]
|
||||
RewriteRule ^core/install\.php core/install.php?rewrite=ok [QSA,L]
|
||||
|
||||
# Pass all requests not referring directly to files in the filesystem to
|
||||
# index.php.
|
||||
|
|
@ -138,11 +138,11 @@ AddEncoding gzip svgz
|
|||
# Allow access to PHP files in /core (like authorize.php or install.php):
|
||||
RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
|
||||
# Allow access to test-specific PHP files:
|
||||
RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php
|
||||
RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?\.php
|
||||
# Allow access to Statistics module's custom front controller.
|
||||
# Copy and adapt this rule to directly execute PHP files in contributed or
|
||||
# custom modules or to run another PHP application in the same directory.
|
||||
RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$
|
||||
RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics\.php$
|
||||
# Deny access to any other PHP files that do not match the rules above.
|
||||
# Specifically, disallow autoload.php from being served directly.
|
||||
RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]
|
||||
|
|
|
|||
|
|
@ -116,13 +116,13 @@ AddEncoding gzip svgz
|
|||
# RewriteBase /
|
||||
|
||||
# Redirect common PHP files to their new locations.
|
||||
RewriteCond %{REQUEST_URI} ^(.*)?/(install.php) [OR]
|
||||
RewriteCond %{REQUEST_URI} ^(.*)?/(rebuild.php)
|
||||
RewriteCond %{REQUEST_URI} ^(.*)?/(install\.php) [OR]
|
||||
RewriteCond %{REQUEST_URI} ^(.*)?/(rebuild\.php)
|
||||
RewriteCond %{REQUEST_URI} !core
|
||||
RewriteRule ^ %1/core/%2 [L,QSA,R=301]
|
||||
|
||||
# Rewrite install.php during installation to see if mod_rewrite is working
|
||||
RewriteRule ^core/install.php core/install.php?rewrite=ok [QSA,L]
|
||||
RewriteRule ^core/install\.php core/install.php?rewrite=ok [QSA,L]
|
||||
|
||||
# Pass all requests not referring directly to files in the filesystem to
|
||||
# index.php.
|
||||
|
|
@ -138,11 +138,11 @@ AddEncoding gzip svgz
|
|||
# Allow access to PHP files in /core (like authorize.php or install.php):
|
||||
RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
|
||||
# Allow access to test-specific PHP files:
|
||||
RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php
|
||||
RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?\.php
|
||||
# Allow access to Statistics module's custom front controller.
|
||||
# Copy and adapt this rule to directly execute PHP files in contributed or
|
||||
# custom modules or to run another PHP application in the same directory.
|
||||
RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$
|
||||
RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics\.php$
|
||||
# Deny access to any other PHP files that do not match the rules above.
|
||||
# Specifically, disallow autoload.php from being served directly.
|
||||
RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]
|
||||
|
|
|
|||
Loading…
Reference in New Issue