Roundcubemail devel
parent: 82fcd4e7 | patch | commit | ignore whitespace
Aleksander Machniak
2015-12-22 222f47c042fcdb9732d8d068ab17a1f611c22be1 
Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)

Conflicts:

	.htaccess
2 files modified
3 ■■■■ changed files
.htaccess 2 ●●● patch | view | raw | blame | history
CHANGELOG 1 ●●●● patch | view | raw | blame | history 
 .htaccess


@@ -31,7 +31,7 @@


# security rules:


# - deny access to files not containing a dot or starting with a dot


#   in all locations except installer directory


RewriteRule ^(?!installer)(\.?[^\.]+)$ - [F]


RewriteRule ^(?!installer|\.well-known\/)(\.?[^\.]+)$ - [F]


# - deny access to some locations


RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]


# - deny access to some documentation files




 CHANGELOG


@@ -8,6 +8,7 @@


- Fix PDF support detection in Firefox > 19 (#1490610)


- Fix path traversal vulnerability in setting a skin (#1490620)


- Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619)


- Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)




RELEASE 1.0.7


-------------