From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)

---
 .htaccess |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/.htaccess b/.htaccess
index 9035952..26fec1a 100644
--- a/.htaccess
+++ b/.htaccess
@@ -31,7 +31,7 @@
 # security rules:
 # - deny access to files not containing a dot or starting with a dot
 #   in all locations except installer directory
-RewriteRule ^(?!installer)(\.?[^\.]+)$ - [F]
+RewriteRule ^(?!installer|\.well-known\/)(\.?[^\.]+)$ - [F]
 # - deny access to some locations
 RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
 # - deny access to some documentation files

--
Gitblit v1.9.1