From bd4887f660a8509d0331ddc39273e4e53966c692 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Fri, 17 Jul 2020 23:03:34 +0200 Subject: [PATCH] [ticket/16554] Align all .htaccess files to support Apache 2.4 directives While the main .htaccess as well as the ones in phpbb/db/migration/data/vXYZ/ do already support the Apache 2.4 mod_authz_core directive "Require all denied", all others still use only the deprecated "Deny from All". To not force modern system to use the mod_access_compat module, the modern directives should be supported in every case. For this, the method of phpbb/db/migration/data/vXYZ/.htaccess is copied to update and align all .htaccess files across the source code. PHPBB3-16554 Signed-off-by: MichaIng --- phpBB/cache/.htaccess | 37 ++++++++++++++++++++++++--- phpBB/config/.htaccess | 37 ++++++++++++++++++++++++--- phpBB/files/.htaccess | 37 ++++++++++++++++++++++++--- phpBB/images/avatars/upload/.htaccess | 37 ++++++++++++++++++++++++--- phpBB/includes/.htaccess | 37 ++++++++++++++++++++++++--- phpBB/store/.htaccess | 37 ++++++++++++++++++++++++--- 6 files changed, 198 insertions(+), 24 deletions(-) diff --git a/phpBB/cache/.htaccess b/phpBB/cache/.htaccess index aa5afc1640..44242b5418 100644 --- a/phpBB/cache/.htaccess +++ b/phpBB/cache/.htaccess @@ -1,4 +1,33 @@ - - Order Allow,Deny - Deny from All - \ No newline at end of file +# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from +# module mod_authz_host to a new module called mod_access_compat (which may be +# disabled) and a new "Require" syntax has been introduced to mod_authz_host. +# We could just conditionally provide both versions, but unfortunately Apache +# does not explicitly tell us its version if the module mod_version is not +# available. In this case, we check for the availability of module +# mod_authz_core (which should be on 2.4 or higher only) as a best guess. + + + + Order Allow,Deny + Deny from All + + + = 2.4> + + Require all denied + + + + + + + Order Allow,Deny + Deny from All + + + + + Require all denied + + + diff --git a/phpBB/config/.htaccess b/phpBB/config/.htaccess index 4128d345ab..163ddd802f 100644 --- a/phpBB/config/.htaccess +++ b/phpBB/config/.htaccess @@ -1,4 +1,33 @@ - - Order Allow,Deny - Deny from All - +# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from +# module mod_authz_host to a new module called mod_access_compat (which may be +# disabled) and a new "Require" syntax has been introduced to mod_authz_host. +# We could just conditionally provide both versions, but unfortunately Apache +# does not explicitly tell us its version if the module mod_version is not +# available. In this case, we check for the availability of module +# mod_authz_core (which should be on 2.4 or higher only) as a best guess. + + + + Order Allow,Deny + Deny from All + + + = 2.4> + + Require all denied + + + + + + + Order Allow,Deny + Deny from All + + + + + Require all denied + + + \ No newline at end of file diff --git a/phpBB/files/.htaccess b/phpBB/files/.htaccess index aa5afc1640..163ddd802f 100644 --- a/phpBB/files/.htaccess +++ b/phpBB/files/.htaccess @@ -1,4 +1,33 @@ - - Order Allow,Deny - Deny from All - \ No newline at end of file +# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from +# module mod_authz_host to a new module called mod_access_compat (which may be +# disabled) and a new "Require" syntax has been introduced to mod_authz_host. +# We could just conditionally provide both versions, but unfortunately Apache +# does not explicitly tell us its version if the module mod_version is not +# available. In this case, we check for the availability of module +# mod_authz_core (which should be on 2.4 or higher only) as a best guess. + + + + Order Allow,Deny + Deny from All + + + = 2.4> + + Require all denied + + + + + + + Order Allow,Deny + Deny from All + + + + + Require all denied + + + \ No newline at end of file diff --git a/phpBB/images/avatars/upload/.htaccess b/phpBB/images/avatars/upload/.htaccess index aa5afc1640..163ddd802f 100644 --- a/phpBB/images/avatars/upload/.htaccess +++ b/phpBB/images/avatars/upload/.htaccess @@ -1,4 +1,33 @@ - - Order Allow,Deny - Deny from All - \ No newline at end of file +# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from +# module mod_authz_host to a new module called mod_access_compat (which may be +# disabled) and a new "Require" syntax has been introduced to mod_authz_host. +# We could just conditionally provide both versions, but unfortunately Apache +# does not explicitly tell us its version if the module mod_version is not +# available. In this case, we check for the availability of module +# mod_authz_core (which should be on 2.4 or higher only) as a best guess. + + + + Order Allow,Deny + Deny from All + + + = 2.4> + + Require all denied + + + + + + + Order Allow,Deny + Deny from All + + + + + Require all denied + + + \ No newline at end of file diff --git a/phpBB/includes/.htaccess b/phpBB/includes/.htaccess index 4128d345ab..163ddd802f 100644 --- a/phpBB/includes/.htaccess +++ b/phpBB/includes/.htaccess @@ -1,4 +1,33 @@ - - Order Allow,Deny - Deny from All - +# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from +# module mod_authz_host to a new module called mod_access_compat (which may be +# disabled) and a new "Require" syntax has been introduced to mod_authz_host. +# We could just conditionally provide both versions, but unfortunately Apache +# does not explicitly tell us its version if the module mod_version is not +# available. In this case, we check for the availability of module +# mod_authz_core (which should be on 2.4 or higher only) as a best guess. + + + + Order Allow,Deny + Deny from All + + + = 2.4> + + Require all denied + + + + + + + Order Allow,Deny + Deny from All + + + + + Require all denied + + + \ No newline at end of file diff --git a/phpBB/store/.htaccess b/phpBB/store/.htaccess index aa5afc1640..163ddd802f 100644 --- a/phpBB/store/.htaccess +++ b/phpBB/store/.htaccess @@ -1,4 +1,33 @@ - - Order Allow,Deny - Deny from All - \ No newline at end of file +# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from +# module mod_authz_host to a new module called mod_access_compat (which may be +# disabled) and a new "Require" syntax has been introduced to mod_authz_host. +# We could just conditionally provide both versions, but unfortunately Apache +# does not explicitly tell us its version if the module mod_version is not +# available. In this case, we check for the availability of module +# mod_authz_core (which should be on 2.4 or higher only) as a best guess. + + + + Order Allow,Deny + Deny from All + + + = 2.4> + + Require all denied + + + + + + + Order Allow,Deny + Deny from All + + + + + Require all denied + + + \ No newline at end of file