9.3.26

docroot/.htaccess

@@ -88,14 +88,20 @@ AddEncoding gzip svgz
 <IfModule mod_rewrite.c>
   RewriteEngine on
 
+  # Block access via specific user-agents.
+  RewriteCond %{HTTP_USER_AGENT} CQ-API-Spyder [NC]
+  RewriteRule .* - [F,L]
+
   # Block access to php & html files. Node_modules and the vendor
   # directory should never be available. Also block any WordPress urls.
   RewriteCond %{REQUEST_URI} node_modules [OR,NC]
   RewriteCond %{REQUEST_URI} ^/vendor [OR,NC]
   RewriteCond %{REQUEST_URI} "/wp-(admin|content/plugins/|includes|cron\.php|config\.php|login\.php|signup\.php)|xmlrpc.php" [OR,NC]
   RewriteCond %{THE_REQUEST} \.php[/\s?] [OR,NC]
-  RewriteCond %{THE_REQUEST} \.html[/\s?] [NC]
+  RewriteCond %{REQUEST_URI} \.html [NC]
+   # Allow access to SimpleSaml login and music.stanford.edu redirect path.
   RewriteCond %{REQUEST_URI} !^/simplesaml/module.php
+  RewriteCond %{REQUEST_URI} !^/Academics/LessonSignups.html
   RewriteRule .* - [F]
 
   # Block access to specific files/paths to all users except stanford IP's.

docroot/profiles/humsci/su_humsci_profile/modules/humsci_default_content/humsci_default_content.info.yml

@@ -3,7 +3,7 @@ description: 'DO NOT INSTALL. This is for profile installation task only.'
 core_version_requirement: '^8.8 || ^9'
 hidden: true
 type: module
-version: 9.3.25
+version: 9.3.26
 default_content:
   shortcut:
     - 0c69448d-c6fa-4fb8-9b2e-f93f3a955baf

docroot/profiles/humsci/su_humsci_profile/modules/humsci_events_listeners/humsci_events_listeners.info.yml

@@ -14,4 +14,4 @@ dependencies:
   - 'hook_event_dispatcher:toolbar_event_dispatcher'
   - 'hook_event_dispatcher:user_event_dispatcher'
   - 'hook_event_dispatcher:views_event_dispatcher'
-version: 9.3.25
+version: 9.3.26

docroot/profiles/humsci/su_humsci_profile/su_humsci_profile.info.yml

@@ -1,7 +1,7 @@
 name: 'Stanford HumSci'
 type: profile
 description: 'Installation profile for HumSci Drupal'
-version: 9.3.25
+version: 9.3.26
 core_version_requirement: '^8.8 || ^9'
 themes:
   - material_admin

patches/htaccess.patch

@@ -1,5 +1,5 @@
 diff --git a/docroot/.htaccess b/docroot/.htaccess
-index 4d19147c..80b4a625 100644
+index 4d19147c..df15a39f 100644
 --- a/docroot/.htaccess
 +++ b/docroot/.htaccess
 @@ -1,3 +1,24 @@
@@ -27,18 +27,24 @@ index 4d19147c..80b4a625 100644
  #
  # Apache/PHP/Drupal settings:
  #
-@@ -67,6 +88,54 @@ AddEncoding gzip svgz
+@@ -67,6 +88,60 @@ AddEncoding gzip svgz
  <IfModule mod_rewrite.c>
    RewriteEngine on
-
+
++  # Block access via specific user-agents.
++  RewriteCond %{HTTP_USER_AGENT} CQ-API-Spyder [NC]
++  RewriteRule .* - [F,L]
++
 +  # Block access to php & html files. Node_modules and the vendor
 +  # directory should never be available. Also block any WordPress urls.
 +  RewriteCond %{REQUEST_URI} node_modules [OR,NC]
 +  RewriteCond %{REQUEST_URI} ^/vendor [OR,NC]
 +  RewriteCond %{REQUEST_URI} "/wp-(admin|content/plugins/|includes|cron\.php|config\.php|login\.php|signup\.php)|xmlrpc.php" [OR,NC]
 +  RewriteCond %{THE_REQUEST} \.php[/\s?] [OR,NC]
-+  RewriteCond %{THE_REQUEST} \.html[/\s?] [NC]
++  RewriteCond %{REQUEST_URI} \.html [NC]
++   # Allow access to SimpleSaml login and music.stanford.edu redirect path.
 +  RewriteCond %{REQUEST_URI} !^/simplesaml/module.php
++  RewriteCond %{REQUEST_URI} !^/Academics/LessonSignups.html
 +  RewriteRule .* - [F]
 +
 +  # Block access to specific files/paths to all users except stanford IP's.
@@ -82,7 +88,7 @@ index 4d19147c..80b4a625 100644
    # Set "protossl" to "s" if we were accessed via https://.  This is used later
    # if you enable "www." stripping or enforcement, in order to ensure that
    # you don't bounce between http and https.
-@@ -144,6 +213,8 @@ AddEncoding gzip svgz
+@@ -144,6 +219,8 @@ AddEncoding gzip svgz
    RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
    # Allow access to test-specific PHP files:
    RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?\.php