mirror of
https://github.com/Part-DB/Part-DB-server.git
synced 2026-06-27 13:01:33 +00:00
Block access to all php and phar files that are uploaded into the media folder
This commit is contained in:
Jan Böhmer
parent
c2ec0ee12b
commit
6e5d1c967f
5 changed files with 29 additions and 1 deletions
3
public/media/.gitignore
vendored
3
public/media/.gitignore
vendored
|
|
@ -1,3 +1,4 @@
|
|||
# Ignore everything except this .gitignore
|
||||
*
|
||||
!.gitignore
|
||||
!.gitignore
|
||||
!.htaccess
|
||||
|
|
|
|||
10
public/media/.htaccess
Normal file
10
public/media/.htaccess
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
# Deny access to PHP and PHP-like files to prevent remote code execution
|
||||
<FilesMatch "(?i)\.(php[3-8]?|phar|phtml|pht|phps)$">
|
||||
<IfModule mod_authz_core.c>
|
||||
Require all denied
|
||||
</IfModule>
|
||||
<IfModule !mod_authz_core.c>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
</IfModule>
|
||||
</FilesMatch>
|
||||
Loading…
Add table
Add a link
Reference in a new issue