close #118

rodber · rodber · commit 4f635699ac00 · 2021-10-27T21:06:35.000-03:00
diff --git a/.htaccess b/.htaccess
@@ -31,7 +31,12 @@ Options -MultiViews
 	#RewriteRule images/.+\.(gif|jpe?g|a?png|bmp|webp) content/images/system/default/404.gif [NC,L]
 	RewriteRule images/.+\.(gif|jpe?g|png|bmp|webp) - [NC,L,R=404]
 
+	# PHP front controller
 	RewriteCond %{REQUEST_FILENAME} !-f
 	RewriteCond %{REQUEST_FILENAME} !-d
 	RewriteRule . index.php [L]
+
+    # Single PHP-entrypoint (disables direct access to .php files)
+    RewriteCond %{THE_REQUEST} ^.+?\ [^?]+\.php[?\ ] [NC]
+    RewriteRule \.php$ - [NC,L,F,R=404]
 </IfModule>
diff --git a/app/.htaccess b/app/.htaccess
@@ -1,12 +1,3 @@
-<LimitExcept GET>
-    <IfModule !mod_authz_core.c>
-		Order Allow,Deny
-		Deny from all
-	</IfModule>
-	<IfModule mod_authz_core.c>
-		Require all denied
-	</IfModule>
-</LimitExcept>
 <FilesMatch "\.(?:[Pp][Hh][Pp][345]?|[Pp][Hh][Tt][Mm][Ll])|(po|sql|html?)$">
 	<IfModule !mod_authz_core.c>
 		Order Allow,Deny
diff --git a/app/content/.htaccess b/app/content/.htaccess
diff --git a/app/importer/jobs/.htaccess b/app/importer/jobs/.htaccess
@@ -1,11 +1,7 @@
-<FilesMatch "\.(txt)$">
-	# Apache 2.2
-	<IfModule !mod_authz_core.c>
-		Order Allow,Deny
-		Deny from all
-	</IfModule>
-	# Apache 2.4
-	<IfModule mod_authz_core.c>
-		Require all denied
-	</IfModule> 
-</FilesMatch>
+<IfModule !mod_authz_core.c>
+	Order Allow,Deny
+	Deny from all
+</IfModule>
+<IfModule mod_authz_core.c>
+	Require all denied
+</IfModule>
diff --git a/content/.htaccess b/content/.htaccess
@@ -1,13 +1,18 @@
-<Files .*>
-	# Apache 2.2
+<FilesMatch "\.(?:[Pp][Hh][Pp][345]?|[Pp][Hh][Tt][Mm][Ll])|(po|sql|html?)$">
 	<IfModule !mod_authz_core.c>
 		Order Allow,Deny
 		Deny from all
 	</IfModule>
-	# Apache 2.4
 	<IfModule mod_authz_core.c>
 		Require all denied
-	</IfModule> 
-</Files>
-
-SetHandler default-handler
+	</IfModule>
+</FilesMatch>
+<IfModule mod_php7.c>
+    php_flag engine off
+</IfModule>
+<FilesMatch ".+\.*$">
+    SetHandler !
+</FilesMatch>
+<IfModule mod_rewrite.c>
+    RewriteRule ^.*\.php$ - [F,L]
+</IfModule>
diff --git a/content/pages/.htaccess b/content/pages/.htaccess
diff --git a/images/.htaccess b/images/.htaccess
@@ -1,12 +1,3 @@
-<LimitExcept GET>
-    <IfModule !mod_authz_core.c>
-		Order Allow,Deny
-		Deny from all
-	</IfModule>
-	<IfModule mod_authz_core.c>
-		Require all denied
-	</IfModule>
-</LimitExcept>
 <FilesMatch "\.(?:[Pp][Hh][Pp][345]?|[Pp][Hh][Tt][Mm][Ll])|(po|sql|html?)$">
 	<IfModule !mod_authz_core.c>
 		Order Allow,Deny
diff --git a/importing/.htaccess b/importing/.htaccess
@@ -1,7 +1,7 @@
 <IfModule !mod_authz_core.c>
-    Order Allow,Deny
-    Deny from all
+	Order Allow,Deny
+	Deny from all
 </IfModule>
 <IfModule mod_authz_core.c>
-    Require all denied
-</IfModule> 
+	Require all denied
+</IfModule>
