diff options
author | David Rothstein <drothstein@gmail.com> | 2016-02-01 18:48:12 -0500 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2016-02-01 18:48:12 -0500 |
commit | aa755ed3763f5aa442c3a399981b7c5d6590f515 (patch) | |
tree | 52d8bcd009ec4cfbc7ba3de599af581cd1e41922 | |
parent | dbef1acd9520dee6c8ee71d7d0f0dd2129cba068 (diff) | |
download | brdo-aa755ed3763f5aa442c3a399981b7c5d6590f515.tar.gz brdo-aa755ed3763f5aa442c3a399981b7c5d6590f515.tar.bz2 |
Issue #2392153 by mparker17, hussainweb, chris.smith, alexpott, dawehner: Disallow composer.json and composer.lock from being indexed
-rw-r--r-- | .htaccess | 2 | ||||
-rw-r--r-- | CHANGELOG.txt | 1 | ||||
-rw-r--r-- | web.config | 2 |
3 files changed, 3 insertions, 2 deletions
@@ -3,7 +3,7 @@ # # Protect files and directories from prying eyes. -<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$"> +<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$"> Order allow,deny </FilesMatch> diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 829cb8fd5..58eeb2bc1 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,6 +1,7 @@ Drupal 7.42, xxxx-xx-xx (development version) ----------------------- +- Changed the default .htaccess and web.config to block Composer-related files. - Added static caching to module_load_include() to improve performance. - Fixed double-encoding bugs in select field widgets provided by the Options module. The fix deprecates the 'strip_tags' property on option widgets and diff --git a/web.config b/web.config index 09983d925..c6fb5c843 100644 --- a/web.config +++ b/web.config @@ -6,7 +6,7 @@ <rewrite> <rules> <rule name="Protect files and directories from prying eyes" stopProcessing="true"> - <match url="\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$" /> + <match url="\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$" /> <action type="CustomResponse" statusCode="403" subStatusCode="0" statusReason="Forbidden" statusDescription="Access is forbidden." /> </rule> <rule name="Force simple error message for requests for non-existent favicon.ico" stopProcessing="true"> |