Do not add Options -Indexes to .htaccess

fixes #11040

core/Updates/3.0.1.php → core/Updates/3.0.1-b1.php

@@ -13,11 +13,12 @@ use Piwik\Plugins\Installation\ServerFilesGenerator;
 use Piwik\Updater;
 use Piwik\Updates as PiwikUpdates;
 
-class Updates_3_0_1 extends PiwikUpdates
+class Updates_3_0_1_b1 extends PiwikUpdates
 {
     public function doUpdate(Updater $updater)
     {
         // Allow IIS to serve .woff files (https://github.com/piwik/piwik/pull/11091).
+        // Re-generate .htaccess without 'Options -Indexes' because it does not always work on some servers
         ServerFilesGenerator::createFilesForSecurity();
     }
 }

plugins/Installation/ServerFilesGenerator.php

@@ -33,13 +33,10 @@ class ServerFilesGenerator
         $denyAll = self::getDenyAllHtaccessContent();
         $allow = self::getAllowHtaccessContent();
 
-        // more selective allow/deny filters
-        $noDirectoryListing = "Options -Indexes\n";
-
         $allowAny =
             "# Allow any file in this directory\n" .
             "<Files \"*\">\n" .
-            $allow . "\n" .
+            "\t" . $allow . "\n" .
             "</Files>\n";
 
         $allowStaticAssets =
@@ -55,11 +52,11 @@ class ServerFilesGenerator
             "</Files>\n";
 
         $directoriesToProtect = array(
-            '/js'        => $allowAny . $noDirectoryListing,
-            '/libs'      => $denyAll . $allowStaticAssets . $noDirectoryListing,
-            '/vendor'    => $denyAll . $allowStaticAssets . $noDirectoryListing,
-            '/plugins'   => $denyAll . $allowStaticAssets . $noDirectoryListing,
-            '/misc/user' => $denyAll . $allowStaticAssets . $noDirectoryListing,
+            '/js'        => $allowAny,
+            '/libs'      => $denyAll . $allowStaticAssets,
+            '/vendor'    => $denyAll . $allowStaticAssets,
+            '/plugins'   => $denyAll . $allowStaticAssets,
+            '/misc/user' => $denyAll . $allowStaticAssets,
         );
         foreach ($directoriesToProtect as $directoryToProtect => $content) {
             self::createHtAccess(PIWIK_INCLUDE_PATH . $directoryToProtect, $overwrite = true, $content);
@@ -67,10 +64,10 @@ class ServerFilesGenerator
 
         // deny access to these folders
         $directoriesToProtect = array(
-            '/config' => $denyAll . $noDirectoryListing,
-            '/core' => $denyAll . $noDirectoryListing,
-            '/lang' => $denyAll . $noDirectoryListing,
-            '/tmp' => $denyAll . $noDirectoryListing,
+            '/config' => $denyAll,
+            '/core' => $denyAll,
+            '/lang' => $denyAll,
+            '/tmp' => $denyAll,
         );
         foreach ($directoriesToProtect as $directoryToProtect => $content) {
             self::createHtAccess(PIWIK_INCLUDE_PATH . $directoryToProtect, $overwrite = true, $content);