Issue #3191389 by anmolgoyal74, greggles, larowlan, mcdruid, pwolanin, brayfe:...

Issue #3191389 by anmolgoyal74, greggles, larowlan, mcdruid, pwolanin, brayfe: File Inclusion issue security hardening

.ht.router.php

@@ -24,6 +24,12 @@
  * @see http://php.net/manual/en/features.commandline.webserver.php
  */
 
+if (PHP_SAPI !== 'cli-server') {
+  // Bail out if this is not PHP's Development Server.
+  header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
+  exit;
+}
+
 $url = parse_url($_SERVER['REQUEST_URI']);
 if (file_exists(__DIR__ . $url['path'])) {
   // Serve the requested resource as-is.

core/assets/scaffold/files/ht.router.php

@@ -24,6 +24,12 @@
  * @see http://php.net/manual/en/features.commandline.webserver.php
  */
 
+if (PHP_SAPI !== 'cli-server') {
+  // Bail out if this is not PHP's Development Server.
+  header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
+  exit;
+}
+
 $url = parse_url($_SERVER['REQUEST_URI']);
 if (file_exists(__DIR__ . $url['path'])) {
   // Serve the requested resource as-is.