.htaccess security check feature with automatic repair upon login - amended

2024-11-14 20:17:14 +01:00 · 2022-12-08 11:15:24 +00:00 · 2022-12-08 11:15:24 +00:00 · e3b7634581
commit e3b7634581
parent 87e941516e
3 changed files with 79 additions and 66 deletions
--- a/.htaccess
+++ b/.htaccess
@ -1,10 +1,17 @@
 # Generated file from class.acl.php
+# For detection of htaccess functionality
+SetEnv OPENXE_HTACCESS on
 # Disable directory browsing 
 Options -Indexes
-
+# Set default page to index.php
+DirectoryIndex "index.php"
+# Deny general access
 Order deny,allow
+<FilesMatch ".">
+    Order Allow,Deny
    Deny from all
-
+</FilesMatch>
+# Allow index.php
 <Files "index.php">
    Order Allow,Deny
    Allow from all
--- a/phpwf/plugins/class.acl.php
+++ b/phpwf/plugins/class.acl.php
@ -1220,30 +1220,34 @@ class Acl
  protected function CheckHtaccess() : mixed {

  $nominal = array('# Generated file from class.acl.php
+# For detection of htaccess functionality
+SetEnv OPENXE_HTACCESS on
 # Disable directory browsing 
 Options -Indexes
-
+# Set default page to index.php
+DirectoryIndex "index.php"
+# Deny general access
 Order deny,allow
+<FilesMatch ".">
+    Order Allow,Deny
    Deny from all
-
+</FilesMatch>
+# Allow index.php
 <Files "index.php">
    Order Allow,Deny
    Allow from all
 </Files>',
 '# Generated file from class.acl.php         
-                        SetEnv OPENXE_HTACCESS on
-           
 # Disable directory browsing 
 Options -Indexes
-
+# Deny access to all *.php
 Order deny,allow
 Allow from all
-
 <Files *.php>
    Order Allow,Deny
    Deny from all
 </Files>
-
+# Allow access to index.php
 <Files index.php>
    Order Allow,Deny
    Allow from all
@ -1255,22 +1259,27 @@ class Acl
                        dirname($script_file_name)."/.htaccess");           // www
   
    for ($count = 0;$count < 2;$count++) {
+
        $htaccess = file_get_contents($htaccess_path[$count]);           
-        if ($htacess === false) {
-            return("FATAL: ".$htaccess_path[$count]." nicht gefunden");            
-        }
         
        $result = strcmp(trim($htaccess[$count]),trim($nominal[$count]));
-        if ($result !== 0) {
-            $result = file_put_contents($htaccess_path[$count],$nominal[$count]);
+
+        if (($result !== 0) || ($htaccess === false)) {
+            $result = file_put_contents($htaccess_path[$count],trim($nominal[$count]));
            if ($result === false) {
-                return("FATAL: ".$htaccess_path[$count]." fehlerhaft");
+
+                if ($htaccess === false) {
+                    return("FATAL: ".$htaccess_path[$count]." nicht vorhanden und kann nicht korrigiert werden.");
+                }
+                return("FATAL: ".$htaccess_path[$count]." fehlerhaft und kann nicht korrigiert werden.");
            } 
        }
    }
+
    if (!isset($_SERVER['OPENXE_HTACCESS'])) {
        return("FATAL: htaccess nicht aktiv.");
    }
+
    return(true);
    // HTACCESS SECURITY END  
  }
--- a/www/.htaccess
+++ b/www/.htaccess
@ -1,17 +1,14 @@
 # Generated file from class.acl.php         
-                        SetEnv OPENXE_HTACCESS on
-           
 # Disable directory browsing 
 Options -Indexes
-
+# Deny access to all *.php
 Order deny,allow
 Allow from all
-
 <Files *.php>
    Order Allow,Deny
    Deny from all
 </Files>
-
+# Allow access to index.php
 <Files index.php>
    Order Allow,Deny
    Allow from all