Merge remote-tracking branch 'origin/3.0' into 3.1

Conflicts: composer.json
2013-03-08 10:54:49 +01:00 · 2013-03-08 10:54:49 +01:00 · 41761472b2
parent b737ad1341 3c88359698
commit 41761472b2
4 changed files with 27 additions and 2 deletions
--- a/.htaccess
+++ b/.htaccess
@ -10,11 +10,20 @@
 	Deny from all
 </Files>

+# This denies access to all yml files, since developers might include sensitive
+# information in them. See the docs for work-arounds to serve some yaml files
+<Files *.yml>
+	Order allow,deny
+	Deny from all
+</Files>
+
 ErrorDocument 404 /assets/error-404.html
 ErrorDocument 500 /assets/error-500.html

 <IfModule mod_alias.c>
 	RedirectMatch 403 /silverstripe-cache(/|$)
+	RedirectMatch 403 /vendor(/|$)
+	RedirectMatch 403 /composer\.(json|lock)
 </IfModule>

 <IfModule mod_rewrite.c>
--- a/composer.json
+++ b/composer.json
@ -13,5 +13,8 @@
 		"silverstripe/buildtools": "*",
 		"phpunit/phpunit": "3.7.*"
 	},
+	"config": {
+		"process-timeout": 600	
+	},
 	"minimum-stability": "dev"
 }
--- a/phpunit.xml.dist
+++ b/phpunit.xml.dist
@ -25,7 +25,7 @@
 	<listeners>
 		<listener class="SS_TestListener" file="framework/dev/TestListener.php" />
 	</listeners>
-
+	
 	<groups>
 		<exclude>
 			<group>sanitychecks</group>
--- a/web.config
+++ b/web.config
@ -1,5 +1,18 @@
-<?xml version="1.0" encoding="utf-8"?>
 <configuration>
 	<system.webServer>
+		<security>
+			<requestFiltering>
+				<hiddenSegments>
+					<add segment="silverstripe-cache/" />
+					<add segment="vendor" />
+					<add segment="composer.json" />
+					<add segment="composer.lock" />
+				</hiddenSegments>
+				<fileExtensions allowUnlisted="true" >
+					<add fileExtension=".ss" allowed="false"/>
+					<add fileExtension=".yml" allowed="false"/>
+				</fileExtensions>
+			</requestFiltering>
+		</security>
 	</system.webServer>
 </configuration>