diff options
-rw-r--r-- | .htaccess | 2 | ||||
-rw-r--r-- | CHANGELOG.txt | 1 | ||||
-rw-r--r-- | web.config | 2 |
3 files changed, 3 insertions, 2 deletions
@@ -3,7 +3,7 @@ # # Protect files and directories from prying eyes. -<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$"> +<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$"> Order allow,deny </FilesMatch> diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 829cb8fd5..58eeb2bc1 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,6 +1,7 @@ Drupal 7.42, xxxx-xx-xx (development version) ----------------------- +- Changed the default .htaccess and web.config to block Composer-related files. - Added static caching to module_load_include() to improve performance. - Fixed double-encoding bugs in select field widgets provided by the Options module. The fix deprecates the 'strip_tags' property on option widgets and diff --git a/web.config b/web.config index 09983d925..c6fb5c843 100644 --- a/web.config +++ b/web.config @@ -6,7 +6,7 @@ <rewrite> <rules> <rule name="Protect files and directories from prying eyes" stopProcessing="true"> - <match url="\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$" /> + <match url="\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$" /> <action type="CustomResponse" statusCode="403" subStatusCode="0" statusReason="Forbidden" statusDescription="Access is forbidden." /> </rule> <rule name="Force simple error message for requests for non-existent favicon.ico" stopProcessing="true"> |