BryanDavis has uploaded a new change for review. https://gerrit.wikimedia.org/r/266173
Change subject: Prevent content/common.inc.php from being viewed ...................................................................... Prevent content/common.inc.php from being viewed Add support for blacklisting files from the query string indexing method and use it to blacklist common.inc.php. Change-Id: If3a47179f59beb2830219158bfeed9517f7facc3 --- M www/index.php 1 file changed, 5 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/labs/toollabs refs/changes/73/266173/1 diff --git a/www/index.php b/www/index.php index 20409f8..9d0ae32 100644 --- a/www/index.php +++ b/www/index.php @@ -77,8 +77,12 @@ exit( 0 ); } +// Files that should not be exposed from the content directory +$contentBlacklist = array( 'common.inc' ); $content = $values[1]; -if ( !file_exists( "{$dr}/content/{$content}.php" ) ) { +if ( !file_exists( "{$dr}/content/{$content}.php" ) || + in_array( $content, $contentBlacklist ) +) { header( 'HTTP/1.0 404 Not Found' ); include 'content/404.php'; exit( 0 ); -- To view, visit https://gerrit.wikimedia.org/r/266173 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If3a47179f59beb2830219158bfeed9517f7facc3 Gerrit-PatchSet: 1 Gerrit-Project: labs/toollabs Gerrit-Branch: master Gerrit-Owner: BryanDavis <bda...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits