From c73845e286b3063e221026373331fb22bd3b99d1 Mon Sep 17 00:00:00 2001
From: Alex Pott <alex.a.pott@googlemail.com>
Date: Fri, 17 Apr 2020 12:46:12 +0100
Subject: [PATCH] Issue #2455465 by stefan.r, Darren Oh, cosmicdreams,
 longwave, benjy, alexpott: Add mod_php7 check to htaccess and remove php5
 code

(cherry picked from commit a585dd6a7e92a3133b44f2d29d25db93a32f9343)
---
 .htaccess                                             | 11 ++---------
 composer/Plugin/VendorHardening/FileSecurity.php      |  3 ---
 core/assets/scaffold/files/htaccess                   | 11 ++---------
 .../Drupal/Component/FileSecurity/FileSecurity.php    |  3 ---
 4 files changed, 4 insertions(+), 24 deletions(-)

diff --git a/.htaccess b/.htaccess
index ae2e2429087a..6f9123d14b13 100644
--- a/.htaccess
+++ b/.htaccess
@@ -27,16 +27,9 @@ AddEncoding gzip svgz
 # Drupal\Core\DrupalKernel::bootEnvironment() for settings that can be
 # changed at runtime.
 
-# PHP 5, Apache 1 and 2.
-<IfModule mod_php5.c>
+# PHP 7, Apache 1 and 2.
+<IfModule mod_php7.c>
   php_value assert.active                   0
-  php_flag session.auto_start               off
-  php_value mbstring.http_input             pass
-  php_value mbstring.http_output            pass
-  php_flag mbstring.encoding_translation    off
-  # PHP 5.6 has deprecated $HTTP_RAW_POST_DATA and produces warnings if this is
-  # not set.
-  php_value always_populate_raw_post_data   -1
 </IfModule>
 
 # Requires mod_expires to be enabled.
diff --git a/composer/Plugin/VendorHardening/FileSecurity.php b/composer/Plugin/VendorHardening/FileSecurity.php
index c6f5b90c5b70..263314582a51 100644
--- a/composer/Plugin/VendorHardening/FileSecurity.php
+++ b/composer/Plugin/VendorHardening/FileSecurity.php
@@ -74,9 +74,6 @@ protected static function htaccessPreventExecution() {
 </Files>
 
 # If we know how to do it safely, disable the PHP engine entirely.
-<IfModule mod_php5.c>
-  php_flag engine off
-</IfModule>
 <IfModule mod_php7.c>
   php_flag engine off
 </IfModule>
diff --git a/core/assets/scaffold/files/htaccess b/core/assets/scaffold/files/htaccess
index ae2e2429087a..6f9123d14b13 100644
--- a/core/assets/scaffold/files/htaccess
+++ b/core/assets/scaffold/files/htaccess
@@ -27,16 +27,9 @@ AddEncoding gzip svgz
 # Drupal\Core\DrupalKernel::bootEnvironment() for settings that can be
 # changed at runtime.
 
-# PHP 5, Apache 1 and 2.
-<IfModule mod_php5.c>
+# PHP 7, Apache 1 and 2.
+<IfModule mod_php7.c>
   php_value assert.active                   0
-  php_flag session.auto_start               off
-  php_value mbstring.http_input             pass
-  php_value mbstring.http_output            pass
-  php_flag mbstring.encoding_translation    off
-  # PHP 5.6 has deprecated $HTTP_RAW_POST_DATA and produces warnings if this is
-  # not set.
-  php_value always_populate_raw_post_data   -1
 </IfModule>
 
 # Requires mod_expires to be enabled.
diff --git a/core/lib/Drupal/Component/FileSecurity/FileSecurity.php b/core/lib/Drupal/Component/FileSecurity/FileSecurity.php
index d5060cf7d718..d9996bbbca21 100644
--- a/core/lib/Drupal/Component/FileSecurity/FileSecurity.php
+++ b/core/lib/Drupal/Component/FileSecurity/FileSecurity.php
@@ -72,9 +72,6 @@ protected static function htaccessPreventExecution() {
 </Files>
 
 # If we know how to do it safely, disable the PHP engine entirely.
-<IfModule mod_php5.c>
-  php_flag engine off
-</IfModule>
 <IfModule mod_php7.c>
   php_flag engine off
 </IfModule>
-- 
GitLab