From f9c20700160610a212ad879e054eff6cd9c91bd6 Mon Sep 17 00:00:00 2001
From: mattab <matthieu.aubry@gmail.com>
Date: Tue, 27 Dec 2016 15:54:54 +1300
Subject: [PATCH] Do not add Options -Indexes to .htaccess fixes #11040

---
 core/Updates/{3.0.1.php => 3.0.1-b1.php}      |  3 ++-
 plugins/Installation/ServerFilesGenerator.php | 23 ++++++++-----------
 2 files changed, 12 insertions(+), 14 deletions(-)
 rename core/Updates/{3.0.1.php => 3.0.1-b1.php} (76%)

diff --git a/core/Updates/3.0.1.php b/core/Updates/3.0.1-b1.php
similarity index 76%
rename from core/Updates/3.0.1.php
rename to core/Updates/3.0.1-b1.php
index 8820be0526..6222e27b2c 100644
--- a/core/Updates/3.0.1.php
+++ b/core/Updates/3.0.1-b1.php
@@ -13,11 +13,12 @@ use Piwik\Plugins\Installation\ServerFilesGenerator;
 use Piwik\Updater;
 use Piwik\Updates as PiwikUpdates;
 
-class Updates_3_0_1 extends PiwikUpdates
+class Updates_3_0_1_b1 extends PiwikUpdates
 {
     public function doUpdate(Updater $updater)
     {
         // Allow IIS to serve .woff files (https://github.com/piwik/piwik/pull/11091).
+        // Re-generate .htaccess without 'Options -Indexes' because it does not always work on some servers
         ServerFilesGenerator::createFilesForSecurity();
     }
 }
diff --git a/plugins/Installation/ServerFilesGenerator.php b/plugins/Installation/ServerFilesGenerator.php
index a10b1471dc..1207024bfd 100644
--- a/plugins/Installation/ServerFilesGenerator.php
+++ b/plugins/Installation/ServerFilesGenerator.php
@@ -33,13 +33,10 @@ class ServerFilesGenerator
         $denyAll = self::getDenyAllHtaccessContent();
         $allow = self::getAllowHtaccessContent();
 
-        // more selective allow/deny filters
-        $noDirectoryListing = "Options -Indexes\n";
-
         $allowAny =
             "# Allow any file in this directory\n" .
             "<Files \"*\">\n" .
-            $allow . "\n" .
+            "\t" . $allow . "\n" .
             "</Files>\n";
 
         $allowStaticAssets =
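Review bot: The added `"\t" .` prefix in `$allowAny` indents only the first line of `$allow`. `getAllowHtaccessContent()` is not visible in this hunk, but if it returns more than one line the remaining lines stay at column 0 and the generated `<Files "*">` section is indented unevenly. Indenting every line, for example `"\t" . str_replace("\n", "\n\t", trim($allow)) . "\n" .`, or dropping the prefix, would keep the written file consistent. The enclosing method starts and ends outside the hunk.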
@@ -55,11 +52,11 @@ class ServerFilesGenerator
             "</Files>\n";
 
         $directoriesToProtect = array(
-            '/js'        => $allowAny . $noDirectoryListing,
-            '/libs'      => $denyAll . $allowStaticAssets . $noDirectoryListing,
-            '/vendor'    => $denyAll . $allowStaticAssets . $noDirectoryListing,
-            '/plugins'   => $denyAll . $allowStaticAssets . $noDirectoryListing,
-            '/misc/user' => $denyAll . $allowStaticAssets . $noDirectoryListing,
+            '/js'        => $allowAny,
+            '/libs'      => $denyAll . $allowStaticAssets,
+            '/vendor'    => $denyAll . $allowStaticAssets,
+            '/plugins'   => $denyAll . $allowStaticAssets,
+            '/misc/user' => $denyAll . $allowStaticAssets,
         );
         foreach ($directoriesToProtect as $directoryToProtect => $content) {
             self::createHtAccess(PIWIK_INCLUDE_PATH . $directoryToProtect, $overwrite = true, $content);
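Review bot: With `$noDirectoryListing` gone, `/js` is written with `$allowAny` only, so whether its contents can be listed now depends entirely on the server's own `Options` setting. Because the call passes `$overwrite = true`, an upgrade also replaces any existing file that still carried the directive. The next hunk makes the same removal for `/config`, `/core`, `/lang` and `/tmp`, where `$denyAll` presumably still blocks access, though its content is not visible here. I would record the trade-off above the array, `// Directory listing is no longer disabled here (Apache rejects 'Options' where AllowOverride excludes it); disable Indexes in the server or vhost configuration.`, and consider surfacing it to administrators in a system check. The method body continues outside the hunk.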
@@ -67,10 +64,10 @@ class ServerFilesGenerator
 
         // deny access to these folders
         $directoriesToProtect = array(
-            '/config' => $denyAll . $noDirectoryListing,
-            '/core' => $denyAll . $noDirectoryListing,
-            '/lang' => $denyAll . $noDirectoryListing,
-            '/tmp' => $denyAll . $noDirectoryListing,
+            '/config' => $denyAll,
+            '/core' => $denyAll,
+            '/lang' => $denyAll,
+            '/tmp' => $denyAll,
         );
         foreach ($directoriesToProtect as $directoryToProtect => $content) {
             self::createHtAccess(PIWIK_INCLUDE_PATH . $directoryToProtect, $overwrite = true, $content);
-- 
GitLab