Loading .htaccess +1 −1 Original line number Diff line number Diff line Loading @@ -3,7 +3,7 @@ # # Protect files and directories from prying eyes. <FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)|$yarn.lock$|package.json$"> <FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config|yarn\.lock|package\.json)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$"> <IfModule mod_authz_core.c> Require all denied </IfModule> Loading core/assets/scaffold/files/htaccess +1 −1 Original line number Diff line number Diff line Loading @@ -3,7 +3,7 @@ # # Protect files and directories from prying eyes. <FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)|$yarn.lock$|package.json$"> <FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config|yarn\.lock|package\.json)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$"> <IfModule mod_authz_core.c> Require all denied </IfModule> Loading core/modules/system/tests/fixtures/HtaccessTest/package.json 0 → 100644 +0 −0 Empty file added. core/modules/system/tests/fixtures/HtaccessTest/yarn.lock 0 → 100644 +0 −0 Empty file added. core/modules/system/tests/src/Functional/System/HtaccessTest.php +4 −0 Original line number Diff line number Diff line Loading @@ -91,6 +91,10 @@ protected function getProtectedFiles() { $file_paths["$path/composer.json"] = 403; $file_paths["$path/composer.lock"] = 403; // Ensure package.json and yarn.lock cannot be accessed. $file_paths["$path/package.json"] = 403; $file_paths["$path/yarn.lock"] = 403; // Ensure web server configuration files cannot be accessed. $file_paths["$path/.htaccess"] = 403; $file_paths["$path/web.config"] = 403; Loading Loading
.htaccess +1 −1 Original line number Diff line number Diff line Loading @@ -3,7 +3,7 @@ # # Protect files and directories from prying eyes. <FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)|$yarn.lock$|package.json$"> <FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config|yarn\.lock|package\.json)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$"> <IfModule mod_authz_core.c> Require all denied </IfModule> Loading
core/assets/scaffold/files/htaccess +1 −1 Original line number Diff line number Diff line Loading @@ -3,7 +3,7 @@ # # Protect files and directories from prying eyes. <FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)|$yarn.lock$|package.json$"> <FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config|yarn\.lock|package\.json)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$"> <IfModule mod_authz_core.c> Require all denied </IfModule> Loading
core/modules/system/tests/src/Functional/System/HtaccessTest.php +4 −0 Original line number Diff line number Diff line Loading @@ -91,6 +91,10 @@ protected function getProtectedFiles() { $file_paths["$path/composer.json"] = 403; $file_paths["$path/composer.lock"] = 403; // Ensure package.json and yarn.lock cannot be accessed. $file_paths["$path/package.json"] = 403; $file_paths["$path/yarn.lock"] = 403; // Ensure web server configuration files cannot be accessed. $file_paths["$path/.htaccess"] = 403; $file_paths["$path/web.config"] = 403; Loading
