BryanDavis has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/266173

Change subject: Prevent content/common.inc.php from being viewed
......................................................................

Prevent content/common.inc.php from being viewed

Add support for blacklisting files from the query string indexing method
and use it to blacklist common.inc.php.

Change-Id: If3a47179f59beb2830219158bfeed9517f7facc3
---
M www/index.php
1 file changed, 5 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/labs/toollabs refs/changes/73/266173/1

diff --git a/www/index.php b/www/index.php
index 20409f8..9d0ae32 100644
--- a/www/index.php
+++ b/www/index.php
@@ -77,8 +77,12 @@
        exit( 0 );
 }
 
+// Files that should not be exposed from the content directory
+$contentBlacklist = array( 'common.inc' );
 $content = $values[1];
-if ( !file_exists( "{$dr}/content/{$content}.php" ) ) {
+if ( !file_exists( "{$dr}/content/{$content}.php" ) ||
+       in_array( $content, $contentBlacklist )
+) {
        header( 'HTTP/1.0 404 Not Found' );
        include 'content/404.php';
        exit( 0 );
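
Review bot: The added `in_array( $content, $contentBlacklist )` condition is an exact, loosely typed comparison against the raw `$content` value, so it only rejects the one literal string 'common.inc'. Whether any other spelling of the same name can reach this point depends on how `$values[1]` is matched earlier in the file, which is not visible in this hunk; if that pattern allows anything beyond a plain page name, normalise `$content` (for example with basename()) before both the `file_exists()` check and the list lookup. Passing `true` as the third argument to `in_array()` would make the comparison strict. The list entries also omit the `.php` suffix that the path template appends, which the comment above `$contentBlacklist` should say, since the commit message names the file as common.inc.php. Longer term, a deny list has to be updated for every new include file placed in content/; moving non-page includes out of that directory, or checking `$content` against a list of allowed pages, would fail closed instead.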

-- 
To view, visit https://gerrit.wikimedia.org/r/266173
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If3a47179f59beb2830219158bfeed9517f7facc3
Gerrit-PatchSet: 1
Gerrit-Project: labs/toollabs
Gerrit-Branch: master
Gerrit-Owner: BryanDavis <bda...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
