mirror of
https://github.com/silverstripe/silverstripe-installer
synced 2024-10-22 17:05:33 +02:00
Merge pull request #3 from silverstripe-security/pulls/4.0/ss-2018-014
[SS-2018-014] Remove jar, css and js from file extension whitelist
This commit is contained in:
commit
ec5093feb6
@ -25,7 +25,7 @@ AddHandler default-handler php phtml php3 php4 php5 inc
|
||||
RewriteRule error[^\\/]*\.html$ - [L]
|
||||
|
||||
# Block invalid file extensions
|
||||
RewriteCond %{REQUEST_URI} !^[^.]*\.(?i:ace|arc|arj|asf|au|avi|bmp|bz2|cab|cda|css|csv|dmg|doc|docx|dotx|dotm|flv|gif|gpx|gz|hqx|ico|jar|jpeg|jpg|js|kml|m4a|m4v|mid|midi|mkv|mov|mp3|mp4|mpa|mpeg|mpg|ogg|ogv|pages|pcx|pdf|png|pps|ppt|pptx|potx|potm|ra|ram|rm|rtf|sit|sitx|tar|tgz|tif|tiff|txt|wav|webm|wma|wmv|xls|xlsx|xltx|xltm|zip|zipx)$
|
||||
RewriteCond %{REQUEST_URI} !^[^.]*\.(?i:css|js|ace|arc|arj|asf|au|avi|bmp|bz2|cab|cda|csv|dmg|doc|docx|dotx|flv|gif|gpx|gz|hqx|ico|jpeg|jpg|kml|m4a|m4v|mid|midi|mkv|mov|mp3|mp4|mpa|mpeg|mpg|ogg|ogv|pages|pcx|pdf|png|pps|ppt|pptx|potx|ra|ram|rm|rtf|sit|sitx|tar|tgz|tif|tiff|txt|wav|webm|wma|wmv|xls|xlsx|xltx|zip|zipx)$
|
||||
RewriteRule .* - [F]
|
||||
|
||||
# Non existant files passed to requesthandler
|
||||
|
Loading…
Reference in New Issue
Block a user