Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
D
drupal-3338541
Manage
Activity
Members
Labels
Plan
Custom issue tracker
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Locked files
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Model registry
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Code review analytics
Insights
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Issue forks
drupal-3338541
Commits
952c0866
Unverified
Commit
952c0866
authored
4 years ago
by
Alex Pott
Browse files
Options
Downloads
Patches
Plain Diff
Issue
#2989262
by Daniel Korte, Kristen Pol: Escape all RewriteCond/RewriteRule .htaccess dots
parent
38d02d6e
No related branches found
Branches containing commit
No related tags found
Tags containing commit
No related merge requests found
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
.htaccess
+5
-5
5 additions, 5 deletions
.htaccess
core/assets/scaffold/files/htaccess
+5
-5
5 additions, 5 deletions
core/assets/scaffold/files/htaccess
with
10 additions
and
10 deletions
.htaccess
+
5
−
5
View file @
952c0866
...
...
@@ -116,13 +116,13 @@ AddEncoding gzip svgz
# RewriteBase /
# Redirect common PHP files to their new locations.
RewriteCond
%{REQUEST_URI} ^(.*)?/(install.php) [OR]
RewriteCond
%{REQUEST_URI} ^(.*)?/(rebuild.php)
RewriteCond
%{REQUEST_URI} ^(.*)?/(install
\
.php) [OR]
RewriteCond
%{REQUEST_URI} ^(.*)?/(rebuild
\
.php)
RewriteCond
%{REQUEST_URI} !core
RewriteRule
^ %1/core/%2 [L,QSA,R=301]
# Rewrite install.php during installation to see if mod_rewrite is working
RewriteRule
^core/install.php core/install.php?rewrite=ok [QSA,L]
RewriteRule
^core/install
\
.php core/install.php?rewrite=ok [QSA,L]
# Pass all requests not referring directly to files in the filesystem to
# index.php.
...
...
@@ -138,11 +138,11 @@ AddEncoding gzip svgz
# Allow access to PHP files in /core (like authorize.php or install.php):
RewriteCond
%{REQUEST_URI} !/core/[^/]*\.php$
# Allow access to test-specific PHP files:
RewriteCond
%{REQUEST_URI} !/core/modules/system/tests/https?.php
RewriteCond
%{REQUEST_URI} !/core/modules/system/tests/https?
\
.php
# Allow access to Statistics module's custom front controller.
# Copy and adapt this rule to directly execute PHP files in contributed or
# custom modules or to run another PHP application in the same directory.
RewriteCond
%{REQUEST_URI} !/core/modules/statistics/statistics.php$
RewriteCond
%{REQUEST_URI} !/core/modules/statistics/statistics
\
.php$
# Deny access to any other PHP files that do not match the rules above.
# Specifically, disallow autoload.php from being served directly.
RewriteRule
"^(.+/.*|autoload)\.php($|/)" - [F]
...
...
This diff is collapsed.
Click to expand it.
core/assets/scaffold/files/htaccess
+
5
−
5
View file @
952c0866
...
...
@@ -116,13 +116,13 @@ AddEncoding gzip svgz
# RewriteBase /
# Redirect common PHP files to their new locations.
RewriteCond %{REQUEST_URI} ^(.*)?/(install.php) [OR]
RewriteCond %{REQUEST_URI} ^(.*)?/(rebuild.php)
RewriteCond %{REQUEST_URI} ^(.*)?/(install
\
.php) [OR]
RewriteCond %{REQUEST_URI} ^(.*)?/(rebuild
\
.php)
RewriteCond %{REQUEST_URI} !core
RewriteRule ^ %1/core/%2 [L,QSA,R=301]
# Rewrite install.php during installation to see if mod_rewrite is working
RewriteRule ^core/install.php core/install.php?rewrite=ok [QSA,L]
RewriteRule ^core/install
\
.php core/install.php?rewrite=ok [QSA,L]
# Pass all requests not referring directly to files in the filesystem to
# index.php.
...
...
@@ -138,11 +138,11 @@ AddEncoding gzip svgz
# Allow access to PHP files in /core (like authorize.php or install.php):
RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
# Allow access to test-specific PHP files:
RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php
RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?
\
.php
# Allow access to Statistics module's custom front controller.
# Copy and adapt this rule to directly execute PHP files in contributed or
# custom modules or to run another PHP application in the same directory.
RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$
RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics
\
.php$
# Deny access to any other PHP files that do not match the rules above.
# Specifically, disallow autoload.php from being served directly.
RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment