Skip to content

Commit

Permalink
Add rewrite rule to disable access to /vendor/bin folder in .htaccess (
Browse files Browse the repository at this point in the history 
…#5630)
  • Loading branch information
@alecpl
alecpl committed Feb 17, 2017
1 parent 95a7ece commit 364e887
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .htaccess
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@ RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
RewriteRule ^(?!installer|\.well-known\/|[a-zA-Z0-9]{16})(\.?[^\.]+)$ - [F]
# - deny access to some locations
RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
# - deny access to composer binaries
RewriteRule ^/vendor\/bin\/.* - [F]
# - deny access to some documentation files
RewriteRule /?(README\.md|composer\.json-dist|composer\.json|package\.xml|jsdeps.json|Dockerfile)$ - [F]
</IfModule>
Expand Down
1 change: 1 addition & 0 deletions CHANGELOG
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ CHANGELOG Roundcube Webmail
- Fix bug where signature couldn't be added above the quote in Firefox 51 (#5628)
- Fix regression where groups with email address were resolved to its members' addresses
- Fix update of group name in the contacts list header on group rename (#5648)
- Add rewrite rule to disable access to /vendor/bin folder in .htaccess (#5630)

RELEASE 1.3-beta
----------------
Expand Down

0 comments on commit 364e887

Please sign in to comment.