From bec5ae188625c148568429ad308a08b0590d485e Mon Sep 17 00:00:00 2001
From: Hamish Friedlander <hamish@silverstripe.com>
Date: Tue, 29 Jan 2013 14:20:12 +1300
Subject: [PATCH] Include code to block yaml files in installer generated
 .htaccess

---
 dev/install/install.php5 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/dev/install/install.php5 b/dev/install/install.php5
index d3ec3783e..ae333d319 100644
--- a/dev/install/install.php5
+++ b/dev/install/install.php5
@@ -1268,6 +1268,13 @@ HTML;
 	Deny from all
 </Files>
 
+# This denies access to all yml files, since developers might include sensitive
+# information in them. See the docs for work-arounds to serve some yaml files
+<Files *.yml>
+	Order allow,deny
+	Deny from all
+</Files>
+
 ErrorDocument 404 /assets/error-404.html
 ErrorDocument 500 /assets/error-500.html