From 2c0a550105f22e17307198bb295f83c210fb7cb5 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Wed, 23 Dec 2015 03:48:50 -0500
Subject: [PATCH] Bump version to 1.0.8; update Changelog

---
 .htaccess |   18 +++++++++++-------
 1 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/.htaccess b/.htaccess
index 98258c9..26fec1a 100644
--- a/.htaccess
+++ b/.htaccess
@@ -10,6 +10,7 @@
 php_value	post_max_size		6M
 php_value	memory_limit		64M
 
+php_flag	register_globals	Off
 php_flag	zlib.output_compression		Off
 php_flag	magic_quotes_gpc		Off
 php_flag	magic_quotes_runtime		Off
@@ -21,17 +22,20 @@
 php_value	session.gc_maxlifetime	21600
 php_value	session.gc_divisor	500
 php_value	session.gc_probability	1
-
-# http://bugs.php.net/bug.php?id=30766
-php_value	mbstring.func_overload	0
 </IfModule>
 
 <IfModule mod_rewrite.c>
 RewriteEngine On
-RewriteRule ^favicon\.ico$ skins/default/images/favicon.ico
-# security rules
-RewriteRule .svn/ - [F]
-RewriteRule ^README|INSTALL|LICENSE|SQL|bin|CHANGELOG$ - [F]
+RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
+
+# security rules:
+# - deny access to files not containing a dot or starting with a dot
+#   in all locations except installer directory
+RewriteRule ^(?!installer|\.well-known\/)(\.?[^\.]+)$ - [F]
+# - deny access to some locations
+RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
+# - deny access to some documentation files
+RewriteRule /?(README\.md|composer\.json-dist|composer\.json|package\.xml)$ - [F]
 </IfModule>
 
 <IfModule mod_deflate.c>

--
Gitblit v1.9.1