2498 - restrict access to assets into env-*

- allow static html into extensions/ and datamodels/
 - allow direct access to php into env-* for legacy code that does not use exec.php
bruno DA SILVA
2019-10-30 15:45:21 +01:00
parent e6167adefd
commit 4834c326aa
5 changed files with 18 additions and 10 deletions


@@ -2932,7 +2932,7 @@ EOF;
# Apache 2.4
<ifModule mod_authz_core.c>
Require all denied
<FilesMatch ".+\.(css|scss|js|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot)$">
<FilesMatch ".+\.(css|scss|js|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot|html|php)$">
Require all granted
</FilesMatch>
</ifModule>
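Review bot: Adding `php` to this `FilesMatch` allow-list makes every `.php` file under the protected directory directly requestable, not only the legacy pages the commit message is about, so include-only files (classes, snippets meant to be loaded through exec.php) become reachable entry points; the same applies to the Apache 2.2 block in the next hunk and to the IIS `fileExtensions` additions. The target directory and the code that writes this heredoc are outside the hunk, so I am inferring from the commit title that it is env-*. I would keep `php` out of the shared asset pattern and grant it in a separate, narrower block such as `<FilesMatch "^(LEGACY_PAGE_PLACEHOLDER)\.php$">`, fed from a list of pages that modules declare. If the broad rule has to stay, put a comment above it, e.g. `# html/php allowed for legacy modules that bypass exec.php; every PHP file here must be safe to run standalone`.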
@@ -2941,7 +2941,7 @@ Require all denied
<ifModule !mod_authz_core.c>
deny from all
Satisfy All
<FilesMatch ".+\.(css|scss|js|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot)$">
<FilesMatch ".+\.(css|scss|js|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot|html|php)$">
Order Allow,Deny
Allow from all
</FilesMatch>
@@ -2990,6 +2990,10 @@ EOF;
<add fileExtension=".woff2" allowed="true" />
<add fileExtension=".ttf" allowed="true" />
<add fileExtension=".eot" allowed="true" />
<add fileExtension=".html" allowed="true" />
<add fileExtension=".php" allowed="true" />
</fileExtensions>
</requestFiltering>
</security>