[BUGFIX] htaccess does not allow pages that end with "rc" 03/59803/3
authorChristian Kuhn <lolli@schwarzbu.ch>
Mon, 25 Feb 2019 16:23:19 +0000 (17:23 +0100)
committerMarkus Klein <markus.klein@typo3.org>
Tue, 26 Feb 2019 07:48:33 +0000 (08:48 +0100)
Page names that end with 'rc' return 403 if using apache
with the default core delivered .htaccess. The directive
should match '.rc$' instead of only 'rc$'.

Resolves: #87783
Releases: master, 9.5, 8.7
Change-Id: I59fd6b2a0d87556209713a0beedae0c6624d866f
Reviewed-on: https://review.typo3.org/c/59803
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benjamin Kott <benjamin.kott@outlook.com>
Tested-by: Joerg Kummer <typo3@enobe.de>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Stephan Großberndt <stephan.grossberndt@typo3.org>
Reviewed-by: Benjamin Kott <benjamin.kott@outlook.com>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
typo3/sysext/install/Resources/Private/FolderStructureTemplateFiles/root-htaccess

index a95c094..3890835 100644 (file)
@@ -312,7 +312,7 @@ AddDefaultCharset utf-8
 # Access block for files
 # Apache < 2.3
 <IfModule !mod_authz_core.c>
-       <FilesMatch "(?i:^\.|^#.*#|^(?:ChangeLog|ToDo|Readme|License)(?:\.md|\.txt)?|^composer\.(?:json|lock)|^ext_conf_template\.txt|^ext_typoscript_constants\.txt|^ext_typoscript_setup\.txt|flexform[^.]*\.xml|locallang[^.]*\.(?:xml|xlf)|\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|tsconfig|dist|fla|in[ci]|log|sh|sql(?:\..*)?|sqlite(?:\..*)?|sw[op]|git.*)|.*(?:~|rc))$">
+       <FilesMatch "(?i:^\.|^#.*#|^(?:ChangeLog|ToDo|Readme|License)(?:\.md|\.txt)?|^composer\.(?:json|lock)|^ext_conf_template\.txt|^ext_typoscript_constants\.txt|^ext_typoscript_setup\.txt|flexform[^.]*\.xml|locallang[^.]*\.(?:xml|xlf)|\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|tsconfig|dist|fla|in[ci]|log|sh|sql(?:\..*)?|sqlite(?:\..*)?|sw[op]|git.*|rc)|.*~)$">
                Order allow,deny
                Deny from all
                Satisfy All
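Review bot: With `rc` moved into the `\.(?:…)` extension group on the new `<FilesMatch>` line, dot-files whose names end in `rc` (constructed example: `.npmrc`) are no longer denied, although the old `.*(?:~|rc)` alternative covered them. The `^\.` alternative does not catch them, because the `$` after the closing parenthesis applies to it as well, so it matches only a name that is exactly `.`. If such files can end up in the document root, an extra alternative such as `^\.[^/]*rc` would keep them blocked without touching page names that end in "rc". The `<If>` expression in the next hunk has the same gap, where the equivalent would be `/\.[^/]*rc`. The `<FilesMatch>` block closes outside this hunk.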
@@ -320,7 +320,7 @@ AddDefaultCharset utf-8
 </IfModule>
 # Apache ≥ 2.3
 <IfModule mod_authz_core.c>
-       <If "%{REQUEST_URI} =~ m#(?i:/\.|/\x23.*\x23|/(?:ChangeLog|ToDo|Readme|License)(?:\.md|\.txt)?|/composer\.(?:json|lock)|/ext_conf_template\.txt|/ext_typoscript_constants\.txt|/ext_typoscript_setup\.txt|flexform[^.]*\.xml|locallang[^.]*\.(?:xml|xlf)|\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|tsconfig|dist|fla|in[ci]|log|sh|sql(?:\..*)?|sqlite(?:\..*)?|sw[op]|git.*)|.*(?:~|rc))$#">
+       <If "%{REQUEST_URI} =~ m#(?i:/\.|/\x23.*\x23|/(?:ChangeLog|ToDo|Readme|License)(?:\.md|\.txt)?|/composer\.(?:json|lock)|/ext_conf_template\.txt|/ext_typoscript_constants\.txt|/ext_typoscript_setup\.txt|flexform[^.]*\.xml|locallang[^.]*\.(?:xml|xlf)|\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|tsconfig|dist|fla|in[ci]|log|sh|sql(?:\..*)?|sqlite(?:\..*)?|sw[op]|git.*|rc)|.*~)$#">
                Require all denied
        </If>
 </IfModule>
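Review bot: The `<If>` test runs against `%{REQUEST_URI}`, so unlike `<FilesMatch>` it also applies to rewritten page URLs, and nothing next to the directive says so. That is presumably why a page name ending in "rc" got a 403. The remaining unanchored parts, such as `git.*` and `sql(?:\..*)?`, can still extend across `/` and deny a page path containing those strings. A comment above the `<If>` line would help the next editor, for example `# Evaluated against the full request path (page URLs included); keep in sync with the <FilesMatch> pattern above`. Narrowing `git.*` itself would need care, since it appears to be what denies paths below a `.git/` directory in this branch.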