mirror of
https://github.com/OpenXE-org/OpenXE.git
synced 2024-12-25 06:00:28 +01:00
.htaccess security check feature with automatic repair upon login - amended
parent
87e941516e
commit
e3b7634581
11
.htaccess
11
.htaccess
@ -1,10 +1,17 @@
|
||||
# Generated file from class.acl.php
|
||||
# For detection of htaccess functionality
|
||||
SetEnv OPENXE_HTACCESS on
|
||||
# Disable directory browsing
|
||||
Options -Indexes
|
||||
|
||||
# Set default page to index.php
|
||||
DirectoryIndex "index.php"
|
||||
# Deny general access
|
||||
Order deny,allow
|
||||
<FilesMatch ".">
|
||||
Order Allow,Deny
|
||||
Deny from all
|
||||
|
||||
</FilesMatch>
|
||||
# Allow index.php
|
||||
<Files "index.php">
|
||||
Order Allow,Deny
|
||||
Allow from all
|
||||
|
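Review bot: The access rules here use the Apache 2.2 directives `Order`, `Allow from` and `Deny from`, which Apache 2.4 only honours while mod_access_compat is loaded; without that module the server answers every request in this directory with a 500 error. The 2.4 form is `Require all denied` inside `<FilesMatch ".">` and `Require all granted` inside `<Files "index.php">`, and both variants can be kept side by side under `<IfModule mod_authz_core.c>` and `<IfModule !mod_authz_core.c>`. The same directives appear in both template strings in the class Acl hunk and in the last file section, and since this file is generated, the change belongs in the template. The closing `</Files>` is not visible at the end of this section, so confirm the block is closed in the committed file.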
@ -1220,30 +1220,34 @@ class Acl
|
||||
protected function CheckHtaccess() : mixed {
|
||||
|
||||
$nominal = array('# Generated file from class.acl.php
|
||||
# For detection of htaccess functionality
|
||||
SetEnv OPENXE_HTACCESS on
|
||||
# Disable directory browsing
|
||||
Options -Indexes
|
||||
|
||||
# Set default page to index.php
|
||||
DirectoryIndex "index.php"
|
||||
# Deny general access
|
||||
Order deny,allow
|
||||
<FilesMatch ".">
|
||||
Order Allow,Deny
|
||||
Deny from all
|
||||
|
||||
</FilesMatch>
|
||||
# Allow index.php
|
||||
<Files "index.php">
|
||||
Order Allow,Deny
|
||||
Allow from all
|
||||
</Files>',
|
||||
'# Generated file from class.acl.php
|
||||
SetEnv OPENXE_HTACCESS on
|
||||
|
||||
# Disable directory browsing
|
||||
Options -Indexes
|
||||
|
||||
# Deny access to all *.php
|
||||
Order deny,allow
|
||||
Allow from all
|
||||
|
||||
<Files *.php>
|
||||
Order Allow,Deny
|
||||
Deny from all
|
||||
</Files>
|
||||
|
||||
# Allow access to index.php
|
||||
<Files index.php>
|
||||
Order Allow,Deny
|
||||
Allow from all
|
||||
@ -1255,22 +1259,27 @@ class Acl
|
||||
dirname($script_file_name)."/.htaccess"); // www
|
||||
|
||||
for ($count = 0;$count < 2;$count++) {
|
||||
|
||||
$htaccess = file_get_contents($htaccess_path[$count]);
|
||||
if ($htacess === false) {
|
||||
return("FATAL: ".$htaccess_path[$count]." nicht gefunden");
|
||||
}
|
||||
|
||||
$result = strcmp(trim($htaccess[$count]),trim($nominal[$count]));
|
||||
if ($result !== 0) {
|
||||
$result = file_put_contents($htaccess_path[$count],$nominal[$count]);
|
||||
|
||||
if (($result !== 0) || ($htaccess === false)) {
|
||||
$result = file_put_contents($htaccess_path[$count],trim($nominal[$count]));
|
||||
if ($result === false) {
|
||||
return("FATAL: ".$htaccess_path[$count]." fehlerhaft");
|
||||
|
||||
if ($htaccess === false) {
|
||||
return("FATAL: ".$htaccess_path[$count]." nicht vorhanden und kann nicht korrigiert werden.");
|
||||
}
|
||||
return("FATAL: ".$htaccess_path[$count]." fehlerhaft und kann nicht korrigiert werden.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!isset($_SERVER['OPENXE_HTACCESS'])) {
|
||||
return("FATAL: htaccess nicht aktiv.");
|
||||
}
|
||||
|
||||
return(true);
|
||||
// HTACCESS SECURITY END
|
||||
}
|
||||
|
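Review bot: `strcmp(trim($htaccess[$count]),trim($nominal[$count]))` in the hunk starting at `@ -1255,22` indexes the string returned by file_get_contents(), so it compares one character of the file (offset 0 or 1) with the whole template; the result is never 0 and the file is rewritten on every check, whether or not it was changed. The +/- markers are lost on this page, but the new `if (($result !== 0) || ($htaccess === false))` needs `$result` from that line, so it appears to be on the new side. Compare the whole content and skip the comparison when the read failed: `$result = ($htaccess === false) ? 1 : strcmp(trim($htaccess), trim($nominal[$count]));`. Because a mismatch on this file can mean tampering, the path should also be logged before it is overwritten rather than repaired silently. Part of CheckHtaccess() between the two hunks is not shown.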
@ -1,17 +1,14 @@
|
||||
# Generated file from class.acl.php
|
||||
SetEnv OPENXE_HTACCESS on
|
||||
|
||||
# Disable directory browsing
|
||||
Options -Indexes
|
||||
|
||||
# Deny access to all *.php
|
||||
Order deny,allow
|
||||
Allow from all
|
||||
|
||||
<Files *.php>
|
||||
Order Allow,Deny
|
||||
Deny from all
|
||||
</Files>
|
||||
|
||||
# Allow access to index.php
|
||||
<Files index.php>
|
||||
Order Allow,Deny
|
||||
Allow from all
|
||||
|
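Review bot: `<Files *.php>` denies only names ending in `.php`, so any other extension the server hands to the PHP interpreter (`.phtml`, `.phar`, `.php5` on some configurations) stays directly requestable in this directory. If that handler mapping is possible on supported installs, a pattern such as `<FilesMatch "\.(php[0-9]*|phtml|phar)$">` covers them, with the `index.php` exception kept after it. The file header of this section is not shown; from the `// www` comment in the class Acl hunk this looks like the www/.htaccess template, which has to be changed in step because CheckHtaccess() rewrites any file that differs from it.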