From 7b70984ef3bcbe4dced1a3ad5fa3ddc2d11c6d62 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Mon, 25 Nov 2019 22:00:31 +0100
Subject: [PATCH] [ticket/16226] Prevent Apache servers from using MultiViews

PHPBB3-16226
---
 phpBB/.htaccess | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/phpBB/.htaccess b/phpBB/.htaccess
index 53bce762ea..0be28ab670 100644
--- a/phpBB/.htaccess
+++ b/phpBB/.htaccess
@@ -36,6 +36,13 @@ RewriteRule ^(.*)$ app.php [QSA,L]
 #Options +FollowSymLinks
 </IfModule>
 
+# Apache content negotation tries to interpret non-existent paths as files if
+# MultiViews is enabled. This will however cause issues with paths containg
+# dots, e.g. for the cron tasks
+<IfModule mod_negotiation.c>
+	Options -MultiViews
+</IfModule>
+
 # With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
 # module mod_authz_host to a new module called mod_access_compat (which may be
 # disabled) and a new "Require" syntax has been introduced to mod_authz_host.