From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)

---
 .htaccess |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/.htaccess b/.htaccess
index 0342e08..26fec1a 100644
--- a/.htaccess
+++ b/.htaccess
@@ -10,6 +10,7 @@
 php_value	post_max_size		6M
 php_value	memory_limit		64M
 
+php_flag	register_globals	Off
 php_flag	zlib.output_compression		Off
 php_flag	magic_quotes_gpc		Off
 php_flag	magic_quotes_runtime		Off
@@ -30,7 +31,7 @@
 # security rules:
 # - deny access to files not containing a dot or starting with a dot
 #   in all locations except installer directory
-RewriteRule ^(?!installer)(\.?[^\.]+)$ - [F]
+RewriteRule ^(?!installer|\.well-known\/)(\.?[^\.]+)$ - [F]
 # - deny access to some locations
 RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
 # - deny access to some documentation files

--
Gitblit v1.9.1