[TASK] Block web access to *.tsconfig files 12/57812/2
authorStephan Großberndt <stephan.grossberndt@typo3.org>
Fri, 3 Aug 2018 08:22:02 +0000 (10:22 +0200)
committerAnja Leichsenring <aleichsenring@ab-softlab.de>
Sun, 5 Aug 2018 08:49:24 +0000 (10:49 +0200)
Resolves: #85738
Releases: master, 8.7
Change-Id: I824cdce7c08e5390eafb654e2066b8f61db3c0ac
Reviewed-on: https://review.typo3.org/57812
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
_.htaccess
_web.config

index 03e8794..c61e40f 100644 (file)
@@ -95,7 +95,7 @@
        </IfModule>
 
        <IfModule mod_mime.c>
-               AddEncoding gzip              svgz
+               AddEncoding gzip svgz
        </IfModule>
 </IfModule>
 
@@ -312,7 +312,7 @@ AddDefaultCharset utf-8
 # Access block for files
 # Apache < 2.3
 <IfModule !mod_authz_core.c>
-    <FilesMatch "(?i:^\.|^#.*#|^(?:ChangeLog|ToDo|Readme|License)(?:\.md|\.txt)?|^composer\.(?:json|lock)|^ext_conf_template\.txt|^ext_typoscript_constants\.txt|^ext_typoscript_setup\.txt|flexform[^.]*\.xml|locallang[^.]*\.(?:xml|xlf)|\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|dist|fla|in[ci]|log|sh|sql(?:\..*)?|sw[op]|git.*)|.*(?:~|rc))$">
+    <FilesMatch "(?i:^\.|^#.*#|^(?:ChangeLog|ToDo|Readme|License)(?:\.md|\.txt)?|^composer\.(?:json|lock)|^ext_conf_template\.txt|^ext_typoscript_constants\.txt|^ext_typoscript_setup\.txt|flexform[^.]*\.xml|locallang[^.]*\.(?:xml|xlf)|\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|tsconfig|dist|fla|in[ci]|log|sh|sql(?:\..*)?|sw[op]|git.*)|.*(?:~|rc))$">
         Order allow,deny
         Deny from all
         Satisfy All
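Review bot: The protected-extension list in this `FilesMatch` is now maintained in three places (here, the `<If>` expression inside the `mod_authz_core.c` block in the next hunk, and the "miscellaneous protected files" rule in `_web.config`), and nothing in the file tells the next editor so. A missed copy fails open: the new file type stays downloadable on whichever server variant was forgotten. I would add a comment above the `# Apache < 2.3` line, for example `# Keep the extension list identical in both blocks below and in _web.config`. The `<IfModule !mod_authz_core.c>` block closes outside this hunk.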
@@ -320,7 +320,7 @@ AddDefaultCharset utf-8
 </IfModule>
 # Apache ≥ 2.3
 <IfModule mod_authz_core.c>
-    <If "%{REQUEST_URI} =~ m#(?i:/\.|/\x23.*\x23|/(?:ChangeLog|ToDo|Readme|License)(?:\.md|\.txt)?|/composer\.(?:json|lock)|/ext_conf_template\.txt|/ext_typoscript_constants\.txt|/ext_typoscript_setup\.txt|flexform[^.]*\.xml|locallang[^.]*\.(?:xml|xlf)|\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|dist|fla|in[ci]|log|sh|sql(?:\..*)?|sw[op]|git.*)|.*(?:~|rc))$#">
+    <If "%{REQUEST_URI} =~ m#(?i:/\.|/\x23.*\x23|/(?:ChangeLog|ToDo|Readme|License)(?:\.md|\.txt)?|/composer\.(?:json|lock)|/ext_conf_template\.txt|/ext_typoscript_constants\.txt|/ext_typoscript_setup\.txt|flexform[^.]*\.xml|locallang[^.]*\.(?:xml|xlf)|\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|tsconfig|dist|fla|in[ci]|log|sh|sql(?:\..*)?|sw[op]|git.*)|.*(?:~|rc))$#">
         Require all denied
     </If>
 </IfModule>
index c2d20f4..80971e0 100644 (file)
@@ -28,7 +28,7 @@
                     <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
                 </rule>
                 <rule name="TYPO3 - Block access to miscellaneous protected files">
-                    <match url="/.*\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|dist|fla|in[ci]|log|sh|sql)$" ignoreCase="true" />
+                    <match url="/.*\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|tsconfig|dist|fla|in[ci]|log|sh|sql)$" ignoreCase="true" />
                     <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
                 </rule>
                 <rule name="TYPO3 - Block access to recycler and temporary directories">
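Review bot: The leading `/.*` in the changed `<match url=...>` probably leaves a `.tsconfig` file that sits directly in the site root unblocked. The sibling rule `^(?:vendor|typo3_src|typo3temp/var)` further down shows that the rewrite input carries no leading slash, so this pattern only matches once the path has at least one directory component. Dropping the prefix covers both cases: `<match url="\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|tsconfig|dist|fla|in[ci]|log|sh|sql)$" ignoreCase="true" />`. The same gap applies to every other extension in the list, so it is worth a request against the document root to confirm. The enclosing rule list starts and ends outside this hunk.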
@@ -39,7 +39,7 @@
                     <match url="fileadmin/(?:templates)/.*\.(?:txt|ts)$" ignoreCase="false" />
                     <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
                 </rule>
-                <rule name="TYPO3 - Block access to libaries, source and temporary compiled data">
+                <rule name="TYPO3 - Block access to libraries, source and temporary compiled data">
                     <match url="^(?:vendor|typo3_src|typo3temp/var)" ignoreCase="false" />
                     <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
                 </rule>