composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-12 23:14:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

2498 - restrict access to assets into env-*

Browse Source 
- allow static html into extensions/ and datamodels/
 - allow direct access to php into env-* for legacy code taht do not use exec.php
This commit is contained in:
bruno DA SILVA
2019-10-30 15:45:21 +01:00
parent e6167adefd
commit 4834c326aa
5 changed files with 18 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
datamodels/.htaccess
View File

@@ -1,7 +1,7 @@
# Apache 2.4
<ifModule mod_authz_core.c>
Require all denied
<FilesMatch ".+\.(css|scss|js|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot)$">
<FilesMatch ".+\.(css|scss|js|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot|html)$">
Require all granted
</FilesMatch>
</ifModule>
@@ -10,7 +10,7 @@ Require all denied
<ifModule !mod_authz_core.c>
deny from all
Satisfy All
<FilesMatch ".+\.(css|scss|js|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot)$">
<FilesMatch ".+\.(css|scss|js|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot|html)$">
Order Allow,Deny
Allow from all
</FilesMatch>

6
datamodels/web.config
View File

@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<system.webServer>
<security>
<requestFiltering>
<fileExtensions applyToWebDAV="false" allowUnlisted="false" >
@@ -19,8 +19,10 @@
<add fileExtension=".woff2" allowed="true" />
<add fileExtension=".ttf" allowed="true" />
<add fileExtension=".eot" allowed="true" />
<add fileExtension=".html" allowed="true" />
</fileExtensions>
</requestFiltering>
</security>
</system.web>
</system.webServer>
</configuration>

4
extensions/.htaccess
View File

@@ -1,7 +1,7 @@
# Apache 2.4
<ifModule mod_authz_core.c>
Require all denied
<FilesMatch ".+\.(css|scss|js|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot)$">
<FilesMatch ".+\.(css|scss|js|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot|html)$">
Require all granted
</FilesMatch>
</ifModule>
@@ -10,7 +10,7 @@ Require all denied
<ifModule !mod_authz_core.c>
deny from all
Satisfy All
<FilesMatch ".+\.(css|scss|js|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot)$">
<FilesMatch ".+\.(css|scss|js|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot|html)$">
Order Allow,Deny
Allow from all
</FilesMatch>

6
extensions/web.config
View File

@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<system.webServer>
<security>
<requestFiltering>
<fileExtensions applyToWebDAV="false" allowUnlisted="false" >
@@ -19,8 +19,10 @@
<add fileExtension=".woff2" allowed="true" />
<add fileExtension=".ttf" allowed="true" />
<add fileExtension=".eot" allowed="true" />
<add fileExtension=".html" allowed="true" />
</fileExtensions>
</requestFiltering>
</security>
</system.web>
</system.webServer>
</configuration>

8
setup/compiler.class.inc.php
View File

@@ -2932,7 +2932,7 @@ EOF;
# Apache 2.4
<ifModule mod_authz_core.c>
Require all denied
<FilesMatch ".+\.(css|scss|js|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot)$">
<FilesMatch ".+\.(css|scss|js|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot|html|php)$">
Require all granted
</FilesMatch>
</ifModule>
@@ -2941,7 +2941,7 @@ Require all denied
<ifModule !mod_authz_core.c>
deny from all
Satisfy All
<FilesMatch ".+\.(css|scss|js|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot)$">
<FilesMatch ".+\.(css|scss|js|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot|html|php)$">
Order Allow,Deny
Allow from all
</FilesMatch>
@@ -2990,6 +2990,10 @@ EOF;
<add fileExtension=".woff2" allowed="true" />
<add fileExtension=".ttf" allowed="true" />
<add fileExtension=".eot" allowed="true" />
<add fileExtension=".html" allowed="true" />
<add fileExtension=".php" allowed="true" />
</fileExtensions>
</requestFiltering>
</security>