[GIT] kirby v2.5.12

[FIX] security fix: block access to git repo
2018-08-20 13:26:47 +02:00 · 2018-08-20 13:19:37 +02:00
3 changed files with 10 additions and 4 deletions
--- a/.htaccess
+++ b/.htaccess
@ -10,8 +10,8 @@ RewriteRule ^content/(.*)\.(txt|md|mdown)$ index.php [L]

 # block all files in the site folder from being accessed directly
 # except for requests to plugin assets files
-#RewriteRule ^assets/plugins/([a-zA-Z0-9\.\-_%=]+)/(.*)$ site/plugins/$1/assets/$2 [L,N]
-#RewriteCond $1 !^plugins/[a-zA-Z0-9\.\-_%=]+/assets/.*
+RewriteRule ^assets/plugins/([a-zA-Z0-9\.\-_%=]+)/(.*)$ site/plugins/$1/assets/$2 [L,N]
+RewriteCond $1 !^plugins/[a-zA-Z0-9\.\-_%=]+/assets/.*
 RewriteRule ^site/(.*) index.php [L]

 # block direct access to kirby and the panel sources
@ -33,6 +33,12 @@ RewriteRule ^(.*) index.php [L]
 # block update scripts
 RewriteRule ^(.*).sh$ error [R=301,L]

+# block git repo
+RewriteRule ^.git/(.*) error [R=301,L]
+RewriteRule ^.gitattributes error [R=301,L]
+RewriteRule ^.gitignore error [R=301,L]
+RewriteRule ^.gitmodules error [R=301,L]
+

 # enable gzip compressed transfer
 <IfModule mod_deflate.c>
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit dce4a931e1d3d0fa177d890e31eb9d836f400dc0
+Subproject commit e3bc4e4277859249cff1a67c333a5544766cad31
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit a21738ca759b150bfb8d618060ad72296ab25810
+Subproject commit 31a79539294c24f636d2f3af004aa2576eb59040
Author	SHA1	Message	Date
Jannik Beyerstedt	f387f253e7	[GIT] kirby v2.5.12	2018-08-20 13:26:47 +02:00
Jannik Beyerstedt	b4546b5ceb	[FIX] security fix: block access to git repo	2018-08-20 13:19:37 +02:00